PT-2021-17500 · Unknown · Phpgurukul Beauty Parlour Management System

Published: 2021-04-15 · Updated: 2023-11-14 · CVE-2021-27544

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.0

Description: The issue allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the sername parameter in the "add-services.php" component. This enables attackers to perform Cross Site Scripting (XSS) attacks.

Recommendations: For PHPGurukul Beauty Parlour Management System version 1.0, consider restricting access to the "add-services.php" component until a patch is available, and avoid using the sername parameter in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2021-27544

Affected Products: Phpgurukul Beauty Parlour Management System