CVE-2023-6297

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 59.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Nipah Virus Testing Management System

Timeline

PublishedNov 26

Latest updateNov 27

Description

A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input alert(document.cookie) leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5phpgurukul/nipah_virus_testing_management_system1.0

▶NVDphpgurukul/nipah_virus_testing_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-w7mv-mj8m-r6g3: A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1↗2023-11-27

▶

CVEList

PHPGurukul Nipah Virus Testing Management System Search Report Page patient-search-report.php cross site scripting↗2023-11-26

▶