PT-2023-14812 · Unknown · Phpgurukul Doctor Appointment Management System

Rajeshwar Singh

·

Publicado

2023-01-25

·

Atualizado

2023-11-14

·

CVE-2022-46128

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions phpgurukul Doctor Appointment Management System version 1.0.0
Description The issue concerns a Cross Site Scripting (XSS) vulnerability. It can be exploited via the searchdata variable.
Recommendations For phpgurukul Doctor Appointment Management System version 1.0.0, consider validating and sanitizing user input for the searchdata variable to prevent XSS attacks. As a temporary workaround, restrict access to the search functionality until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2022-46128

Produtos afetados

Phpgurukul Doctor Appointment Management System