Vulnerabilities (CVE)

Filtered by vendor Phpgurukul Subscribe
Filtered by product Hostel Management System
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36939 1 Phpgurukul 1 Hostel Management System 2024-02-28 N/A 6.1 MEDIUM
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.
CVE-2023-34647 1 Phpgurukul 1 Hostel Management System 2024-02-28 N/A 6.1 MEDIUM
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-36376 1 Phpgurukul 1 Hostel Management System 2024-02-28 N/A 4.8 MEDIUM
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
CVE-2023-36375 1 Phpgurukul 1 Hostel Management System 2024-02-28 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
CVE-2023-34652 1 Phpgurukul 1 Hostel Management System 2024-02-28 N/A 6.1 MEDIUM
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
CVE-2021-43137 1 Phpgurukul 1 Hostel Management System 2024-02-28 6.8 MEDIUM 8.8 HIGH
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
CVE-2020-25270 1 Phpgurukul 1 Hostel Management System 2024-02-28 3.5 LOW 5.4 MEDIUM
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
CVE-2020-5510 1 Phpgurukul 1 Hostel Management System 2024-02-28 10.0 HIGH 9.8 CRITICAL
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.