PT-2021-23750 · Unknown · Hospital Management System

Published: 2021-12-01 · Updated: 2023-11-14 · CVE-2021-43137

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: hostel management system version 2.1

Description: The issue concerns Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities. These vulnerabilities exist via the name field in the "my-profile.php" page. By chaining these vulnerabilities, an attacker can achieve account takeover.

Recommendations: For hostel management system version 2.1, consider disabling the name field in "my-profile.php" as a temporary workaround until a patch is available. Restrict access to the "my-profile.php" page to minimize the risk of exploitation. Avoid using the name field in the affected page until the issue is resolved.

Fix

XSS

CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-43137

Affected Products: Hospital Management System