PT-2020-11931 · Phpgurukul · Phpgurukul Daily Expense Tracker System

Published: 2020-03-05 · Updated: 2020-03-05 · CVE-2020-10107

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PHPGurukul Daily Expense Tracker System version 1.0

Description

The issue concerns stored XSS. It is demonstrated by the ExpenseItem or ExpenseCost parameter in the "manage-expense.php" endpoint.

Recommendations

For PHPGurukul Daily Expense Tracker System version 1.0, as a temporary workaround, consider validating and sanitizing the ExpenseItem and ExpenseCost parameters in the "manage-expense.php" endpoint to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
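
One way to apply the workaround above, as an added example that is not PHPGurukul's code: validate ExpenseItem and ExpenseCost on input and HTML-encode them wherever stored values are rendered. The helper names, the 100-character limit and the decimal format for ExpenseCost are assumptions, and the sample submissions are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and limits are assumptions, not project code.
// Requires the mbstring extension.

/** Accept ExpenseCost only as a plain decimal amount, e.g. "12" or "12.50". */
function validate_expense_cost(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/\A\d{1,9}(\.\d{1,2})?\z/', $raw) === 1 ? $raw : null;
}

/** Accept ExpenseItem as short UTF-8 text without control characters. */
function validate_expense_item(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || !mb_check_encoding($raw, 'UTF-8') || mb_strlen($raw, 'UTF-8') > 100) {
        return null;
    }
    return preg_match('/[\x00-\x1F\x7F]/', $raw) === 1 ? null : $raw;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST data.
$samples = [
    ['ExpenseItem' => 'Train ticket', 'ExpenseCost' => '42.50'],
    ['ExpenseItem' => '<b>lunch</b> & coffee', 'ExpenseCost' => '9'],
    ['ExpenseItem' => 'Taxi', 'ExpenseCost' => '15<i>'],
];

foreach ($samples as $post) {
    $item = validate_expense_item($post['ExpenseItem']);
    $cost = validate_expense_cost($post['ExpenseCost']);
    if ($item === null || $cost === null) {
        echo "rejected: invalid ExpenseItem or ExpenseCost\n";
        continue;
    }
    // Store $item and $cost with a prepared statement, then encode on output.
    echo '<tr><td>' . h($item) . '</td><td>' . h($cost) . "</td></tr>\n";
}
```

Encoding at output time also covers rows that were stored before any input validation was in place.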

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-10107

Affected Products

Phpgurukul Daily Expense Tracker System