CVE-2018-25330

Name of the Vulnerable Software and Affected Versions EkRishta version 2.10

Description EkRishta contains persistent cross-site scripting and SQL injection flaws. Attackers can inject script payloads into profile information fields, such as Address, which execute when other users view the profile. Additionally, SQL injection is possible via the phone no parameter at the 'user setting' endpoint, allowing for the manipulation of database queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.