XSS Vulnerability in /jobportal/admin/login.php Exposes User Session Details
CVE-2024-8473
6.1 MEDIUM
Summary
A Cross-Site Scripting (XSS) vulnerability has been identified in Job Portal Management Software, where user-supplied input is not adequately encoded. An attacker can exploit the user_email parameter of /jobportal/admin/login.php to potentially retrieve sensitive session details of authenticated users, posing a significant risk to user data integrity and confidentiality. It is essential that users of the affected software versions implement appropriate security measures to protect against such exploitation.
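One way to close this class of flaw on the login page, shown as an added example and not Job Portal's own code: the submitted user_email is validated, HTML-encoded wherever it is echoed back, and the session cookie is made unreadable to page script. The helper names, the POST method, the cookie path and the HTTPS requirement are assumptions, since the real login.php is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; Job Portal's real login.php is not reproduced here.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Return the submitted address if it is a syntactically valid e-mail, else ''. */
function clean_user_email(array $request): string
{
    $raw = $request['user_email'] ?? '';
    // Reject array input (user_email[]=x) and oversize values outright.
    if (!is_string($raw) || strlen($raw) > 254) {
        return '';
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    // Validation narrows the input but does not replace encoding on output:
    // a syntactically valid address can still contain characters such as '.
    return $email === false ? '' : $email;
}

/** Start the session with a cookie that page script cannot read. */
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/jobportal/admin/', // assumption: admin panel path
        'secure'   => true,                // assumption: served over HTTPS
        'httponly' => true,                // hides the session id from document.cookie
        'samesite' => 'Strict',
    ]);
    session_start();
}

start_hardened_session();
// Defence in depth; assumes the page needs no inline or third-party script.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

$email = clean_user_email($_POST); // assumption: the form posts user_email
?>
<form method="post" action="login.php">
  <input type="email" name="user_email" value="<?= h($email) ?>">
  <input type="password" name="password">
  <button type="submit">Log in</button>
</form>
```

The same `h()` call belongs on every other place the value is echoed, such as an "unknown user" error message.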
Affected Version(s)
Job Portal 1.0
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafael Pedrero