CVE-2023-0527
Published 2023-01-27
Priority: P3 · 44 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 6.17% (92.6th percentile)
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input ">alert(document.domain) leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| online_security_guards_hiring_system_project | online_security_guards_hiring_system | — | — |
| phpgurukul | online_security_guards_hiring_system | — | — |
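CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |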
No detection rules found.
Exploit-DB
Online Security Guards Hiring System 1.0 - Reflected XSS
exploitdb·2023-05-31·CVSS 3.5
CVE-2023-0527 [LOW] Online Security Guards Hiring System 1.0 - Reflected XSS
---
#Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS
#Google Dork : NA
#Date: 23-01-2023
#Exploit Author : AFFAN AHMED
#Vendor Homepage: https://phpgurukul.com
#Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-System_PHP.zip
#Version: 1.0
#Tested on: Windows 11 + XAMPP + PYTHON-3.X
#CVE : CVE-2023-0527
#NOTE: TO RUN THE PROGRAM FIRST SETUP THE CODE WITH XAMPP AND THEN RUN THE BELOW PYTHON CODE TO EXPLOIT IT
# Below code checks for both the parameter /admin-profile.php and in /search.php
#POC-LINK: https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md
import requests
import re
from colorama import Fore
print(Fore.YELLOW + "###########################
Nuclei
Online Security Guards Hiring System - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-0527 [MEDIUM] Online Security Guards Hiring System - Cross-Site Scripting
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php.
Template:
id: CVE-2023-0527
info:
  name: Online Security Guards Hiring System - Cross-Site Scripting
  author: Harsh
  severity: medium
  description: |
    A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the searchdata parameter in search-request.php to steal user session cookies and execute attacks.
  remediation: |
    Upgrade
No writeups or analysis indexed.
Published: 2023-01-27