CVE-2023-36118

Name of the Vulnerable Software and Affected Versions Faculty Evaulation System version 1.0

Description The issue allows an attacker to execute arbitrary code via a crafted payload to the page parameter. This is a Cross Site Scripting vulnerability in the Faculty Evaulation System using PHP/MySQLi.

Recommendations For Faculty Evaulation System version 1.0, consider validating and sanitizing user input for the page parameter to prevent the execution of arbitrary code. As a temporary workaround, restrict access to the page parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.