Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPGurukul Beauty Parlour Management System v1.0

Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPGurukul Beauty Parlour Management System v1.0

CVE-2021-27544 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.

Learn more about our Web Application Penetration Testing UK.