CVE-2021-4232 — Cross-site Scripting in ZOO Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA3.5

EPSS

0.2%

top 55.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul ZOO Management System

Timeline

PublishedMay 26

Latest updateMay 27

Description

A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input alert(1) leads to cross site scripting. It is possible to launch the attack remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/zoo_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-rfvc-7f87-gqhh: A vulnerability classified as problematic has been found in Zoo Management System 1↗2022-05-27

▶

CVEList

Zoo Management System manage-ticket.php cross site scripting↗2022-05-26

▶