Bus Pass Management System
CVE-2021-44317
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
In Bus Pass Management System v1.0, parameters 'pagedes' and About Us are affected with a Stored Cross-site scripting vulnerability.
AnalysisAI
In Bus Pass Management System v1.0, parameters 'pagedes' and About Us are affected with a Stored Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. In Bus Pass Management System v1.0, parameters 'pagedes' and About Us are affected with a Stored Cross-site scripting vulnerability. Affected products include: Phpgurukul Bus Pass Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Bus Pass Management System
View allBus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. Rated medium
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the s
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allo
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-det
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today