cvelistv5 - cve-2023-36317

cve-2023-36317

Vulnerability from cvelistv5

Published

2023-08-23 00:00

Modified

2024-08-02 16:45

Severity

Summary

Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.

References

Source	URL	Tags
cve@mitre.org	https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317	Exploit, Third Party Advisory
cve@mitre.org	https://www.sourcecodester.com	Not Applicable
cve@mitre.org	https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code	Product

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:56.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sourcecodester.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-23T21:33:47.791145",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.sourcecodester.com"
        },
        {
          "url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code"
        },
        {
          "url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-36317",
    "datePublished": "2023-08-23T00:00:00",
    "dateReserved": "2023-06-21T00:00:00",
    "dateUpdated": "2024-08-02T16:45:56.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-36317\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-08-23T22:15:08.550\",\"lastModified\":\"2024-09-07T12:56:42.300\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Cross-Site Scripting (XSS) en sourcecodester Student Study Center Desk Management System v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud GET a la URL de la aplicaci\u00f3n web. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oretnom23:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD3233D-01A2-4779-9E48-F3495A5E56D1\"}]}]}],\"references\":[{\"url\":\"https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.sourcecodester.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]}]}}"
  }
}

Action not permitted

cve-2023-36317

Vulnerability from cvelistv5

ghsa-7chm-r5mr-rv4x

Vulnerability from github

gsd-2023-36317

Vulnerability from gsd

Tags