PT-2023-20057 · Unknown · Online Reviewer Management System
Crazychen123
·
Published
2023-02-28
·
Updated
2023-03-06
·
CVE-2023-25431
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Online Reviewer Management System version 1.0
Description
An issue was discovered in the Online Reviewer Management System, where there is a XSS vulnerability. This vulnerability can be exploited via the
reviewer 0/admins/assessments/course/course-update.php API endpoint.Recommendations
For Online Reviewer Management System version 1.0, as a temporary workaround, consider restricting access to the
course-update.php file until a patch is available. Avoid using the vulnerable API endpoint reviewer 0/admins/assessments/course/course-update.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Online Reviewer Management System