Skip to main content

Hostel Management System CVE-2023-36375

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-07-10 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 10, 2023 - 17:15 nvd
MEDIUM 5.4

DescriptionNVD

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.

AnalysisAI

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page. Affected products include: Phpgurukul Hostel Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-5510 CRITICAL POC
9.8 Jan 08

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. Rated c

CVE-2025-45953 CRITICAL POC
9.1 Apr 28

A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user

CVE-2021-43137 HIGH POC
8.8 Dec 01

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via

CVE-2025-63611 HIGH POC
8.7 Jan 08

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint)

CVE-2024-2481 MEDIUM POC
6.5 Mar 15

A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Rated medi

CVE-2023-36939 MEDIUM POC
6.1 Jul 10

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code v

CVE-2020-25270 MEDIUM POC
5.4 Oct 08

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, o

CVE-2024-12790 MEDIUM POC
5.3 Dec 19

A vulnerability was found in code-projects Hostel Management Site 1.0. Rated medium severity (CVSS 5.3), this vulnerabil

CVE-2023-36376 MEDIUM POC
4.8 Jul 10

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scr

CVE-2024-2482 LOW POC
3.7 Mar 15

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Rated low

CVE-2023-34647 MEDIUM
6.1 Jun 28

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1),

CVE-2023-34652 MEDIUM
6.1 Jun 28

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. Rated medium se

Share

CVE-2023-36375 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy