
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. • https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md https://nvd.nist.gov/vuln/detail/CVE-2023-39551 https://www.chtsecurity.com/news/0dbe8e1d-0a6c-4604-9cf1-778ddc86a8c1 https://www.chtsecurity.com/news/285b9375-ba65-4f61-a02a-a575337dc86c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box. • https://medium.com/%40ridheshgohil1092/cve-2023-36936-xss-online-security-guards-hiring-system-773f394f6117 https://packetstormsecurity.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51494 https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md https://vuldb.com/?ctiid.219596 https://vuldb.com/?id.219596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')