CVE-2023-31934

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug1-XSS-in-Admin-Name.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-28 14:15

Updated : 2023-12-20 20:09

NVD link : CVE-2023-31934

Mitre link : CVE-2023-31934

CVE.ORG link : CVE-2023-31934

JSON object : View

Products Affected

phpgurukul

rail_pass_management_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.8 /10