Vulnerabilites related to PHPGurukul - Online Security Guards Hiring System
cve-2023-0527
Vulnerability from cvelistv5
Published
2023-01-27 10:32
Modified
2024-08-02 05:17
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.219596 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.219596 | signature, permissions-required | |
| https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Online Security Guards Hiring System |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.219596"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.219596"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Security Guards Hiring System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Affan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Online Security Guards Hiring System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei search-request.php. Durch die Manipulation des Arguments searchdata mit der Eingabe \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T19:32:17.398Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.219596"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.219596"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-02-23T12:32:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0527",
"datePublished": "2023-01-27T10:32:39.795Z",
"dateReserved": "2023-01-27T10:31:57.626Z",
"dateUpdated": "2024-08-02T05:17:49.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}