Page 2 of 8 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-43137

https://notcve.org/view.php?id=CVE-2021-43137

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) y Cross-Site Request Forgery (CSRF) se presenta en hostel management system versión 2.1, por medio del campo name en el archivo my-profile.php. El encadenamiento de ambas vulnerabilidades conlleva a una toma de posesión de la cuenta • https://www.exploit-db.com/exploits/50461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3

CVE-2020-25270 – Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)

https://notcve.org/view.php?id=CVE-2020-25270

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. PHPGurukul hostel-management-system versión 2.1, permite un ataque de tipo XSS por medio de Guardian Name, Guardian Relation, Guardian Contact no, Address, o City Hostel Management System version 2.1 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/48905 https://github.com/Ko-kn3t/CVE-2020-25270 http://packetstormsecurity.com/files/159614/Hostel-Management-System-2.1-Cross-Site-Scripting.html https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-5510

https://notcve.org/view.php?id=CVE-2020-5510

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. PHPGurukul Hostel Management System versión v2.0, permite una inyección SQL por medio del parámetro id en el archivo full-profile.php. • https://www.exploit-db.com/exploits/47854 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •