Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0527 — Cross-site Scripting in Online Security Guards Hiring System

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

CNA3.5

EPSS

9.0%

top 7.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpgurukul Online Security Guards Hiring System Online Security Guards Hiring System Project Online Security Guards Hiring System

Timeline

PublishedJan 27

Latest updateMay 31

Description

A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input ">alert(document.domain) leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5phpgurukul/online_security_guards_hiring_system1.0

▶NVDonline_security_guards_hiring_system_project/online_security_guards_hiring_system1.0

🔴Vulnerability Details

CVEList

PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting↗2023-01-27

▶

GHSA

GHSA-f84x-96pr-hfjw: A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1↗2023-01-27

▶

💥Exploits & PoCs

Exploit-DB

Online Security Guards Hiring System 1.0 - Reflected XSS↗2023-05-31

▶

Nuclei

Online Security Guards Hiring System - Cross-Site Scripting

▶