CVE-2023-3060 — Cross-site Scripting in Agro-school Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.1%

top 74.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Agro-school Management System Agro-school Management System Project Agro-school Management System

Timeline

PublishedJun 2

Description

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5code-projects/agro-school_management_system1.0

▶NVDagro-school_management_system_project/agro-school_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-pmh5-h2qr-3h74: A vulnerability has been found in code-projects Agro-School Management System 1↗2023-06-02

▶

CVEList

code-projects Agro-School Management System btn_functions.php doAddQuestion cross site scripting↗2023-06-02

▶