Lucene search

[email protected]NVD:CVE-2023-31935

HistoryJul 28, 2023 - 2:15 p.m.

CVE-2023-31935

2023-07-2814:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-31935

cross site scripting

rail pass management system

remote attacker

sensitive information

admin profile

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

28.5%

JSON

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.

Affected configurations

Nvd

Node

phpgurukulrail_pass_management_systemMatch1.0

VendorProductVersionCPE
phpgurukulrail_pass_management_system1.0cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul	rail_pass_management_system	1.0	cpe:2.3:a:phpgurukul:rail_pass_management_system:1.0:::::::*

References

github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug1-XSS-in-Admin-Name.md

github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug2-XSS-in-Email-address.md