PT-2023-24978 · Unknown · Phpgurukul Cyber Cafe Management System
Published: 2023-06-15 · Updated: 2024-12-12 · CVE-2023-34666
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Phpgurukul Cyber Cafe Management System version 1.0
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the admin username parameter, which can lead to cross-site scripting (XSS) attacks.
Recommendations
For Phpgurukul Cyber Cafe Management System version 1.0, consider restricting access to the admin login page to minimize the risk of exploitation until a patch is available. Avoid using the admin username parameter in a way that allows user-inputted data to be executed as HTML or script.
Affected Products
Phpgurukul Cyber Cafe Management System