gsd-2023-36317
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-36317", "id": "GSD-2023-36317" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-36317" ], "details": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.", "id": "GSD-2023-36317", "modified": "2023-12-13T01:20:34.154042Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-36317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.sourcecodester.com", "refsource": "MISC", "url": "https://www.sourcecodester.com" }, { "name": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code", "refsource": "MISC", "url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code" }, { "name": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317", "refsource": "MISC", "url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:student_study_center_desk_management_system_project:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-36317" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code", "refsource": "MISC", "tags": [ "Product" ], "url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code" }, { "name": "https://www.sourcecodester.com", "refsource": "MISC", "tags": [ "Not Applicable" ], "url": "https://www.sourcecodester.com" }, { "name": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7 } }, "lastModifiedDate": "2023-08-25T13:19Z", "publishedDate": "2023-08-23T22:15Z" } } }
Loading...