CVE-2021-43137

CWE-79 — Cross-site Scripting (XSS)CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 66.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Hostel Management System

Timeline

PublishedDec 1

Latest updateDec 2

Description

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDphpgurukul/hostel_management_system2.1

🔴Vulnerability Details

GHSA

GHSA-3q67-fwp6-mgfc: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2↗2021-12-02

▶

CVEList

CVE-2021-43137: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2↗2021-12-01

▶