CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46583
https://notcve.org/view.php?id=CVE-2023-46583
25 Oct 2023 — Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field. Vulnerabilidad de Cross-Site Scripting (XSS) en PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 permite a los atacantes ejecutar código arbitrario a través de un payload manipulado inyectado en el campo Estado. • https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46583.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46584
https://notcve.org/view.php?id=CVE-2023-46584
25 Oct 2023 — SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. Vulnerabilidad de inyección SQL en PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 permite a un atacante remoto escalar privilegios a través de una solicitud manipulada al endpoint new-user-testing.php. • https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •