CVE-2023-23161
Published: 2023-02-10
Priority P339 · medium · 6.1 CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 5.91% (92.3th percentile)
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpgurukul | art_gallery_management_system | — | — |
No detection rules found.
Exploit-DB
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
exploitdb·2023-04-03·CVSS 6.1
---
# Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
# Date: 20/01/2023
# Exploit Author: Rahul Patwari
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
# Version: 1.0
# Tested on: XAMPP / Windows 10
# CVE : CVE-2023-23161
# Proof of Concept:
# 1- Install The application Art Gallery Management System Project v1.0
# 2- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=3&&artname=prints
# 3- Now Insert XSS Payload on artname parameter.
the XSS Payload: %3Cimg%20src=1%20onerror=alert(document.domain)%3E
# 4- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artnam
Nuclei
Art Gallery Management System Project v1.0 - Cross-Site Scripting
nuclei·CVSS 6.1
Template:
id: CVE-2023-23161
info:
  name: Art Gallery Management System Project v1.0 - Cross-Site Scripting
  author: ctflearner
  severity: medium
  description: |
    A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
  impact: |
    Successful exploitation of this vulnerabil
No writeups or analysis indexed.
http://packetstormsecurity.com/files/171642/Art-Gallery-Management-System-Project-1.0-Cross-Site-Scripting.html
https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23161/CVE-2023-23161.txt
https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/
https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
Published: 2023-02-10