Stored XSS Vulnerability in Garage Management System v1.0 Allows Arbitrary Code Execution via Crafted Payload in Name Parameter

Stored XSS Vulnerability in Garage Management System v1.0 Allows Arbitrary Code Execution via Crafted Payload in Name Parameter

CVE-2022-36639 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

Learn more about our Web App Pen Testing.