PT-2020-18397 · Phpgurukul · Phpgurukul Dairy Farm Shop Management System
Cinzinga · Published 2020-01-09 · Updated 2023-11-14 · CVE-2020-5308
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHPGurukul Dairy Farm Shop Management System version 1.0
Description
The issue allows for XSS attacks, as demonstrated by the category and CategoryCode parameters in "add-category.php", the CompanyName parameter in "add-company.php", and the ProductName parameter in "add-product.php".
Recommendations
For PHPGurukul Dairy Farm Shop Management System version 1.0, consider validating and sanitizing user input for the category, CategoryCode, CompanyName, and ProductName parameters to prevent XSS attacks. As a temporary workaround, restrict access to the "add-category.php", "add-company.php", and "add-product.php" pages until a proper fix is applied.
Exploit
Fix
XSS
Affected Products
Phpgurukul Dairy Farm Shop Management System