PT-2023-26090 · Unknown · Maid Hiring Management System
Published
2023-07-13
·
Updated
2023-11-14
·
CVE-2023-37745
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Maid Hiring Management System version 1.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Page Description of the "/admin/aboutus.php" API endpoint.Recommendations
For Maid Hiring Management System version 1.0, consider disabling the editing functionality of the
Page Description field in the /admin/aboutus.php component until a patch is available. Restrict access to the /admin/aboutus.php component to minimize the risk of exploitation. Avoid using the Page Description field in the affected component until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Maid Hiring Management System