Platform: php
Component: restaurant-table-booking-system
Fixed in: 1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Restaurant Table Booking System version 1.0. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and data. The affected component is the Reservation Request Handler, specifically the index.php file. A patch is available in version 1.0.1.
Successful exploitation of CVE-2023-6075 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the application. An attacker could potentially gain access to sensitive user data, such as reservation details and personal information. The blast radius is limited to users interacting with the vulnerable Reservation Request Handler.
This vulnerability is publicly disclosed and assigned VDB-244944. No known active exploitation campaigns have been reported at the time of writing. The CVSS severity rating is LOW, indicating a relatively low probability of exploitation in the absence of specific targeting. No KEV listing is present.
Exploit Status
EPSS: 0.07% (21st percentile)
CVSS Vector
The primary mitigation for CVE-2023-6075 is to upgrade to version 1.0.1 of the PHPGurukul Restaurant Table Booking System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Reservation Request Handler to sanitize user-supplied data. While a WAF might offer some protection, it's not a substitute for patching. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the reservation request form.
Update to a patched version or apply the necessary security measures to prevent code injection (XSS) in the index.php file. Validate and sanitize user inputs before displaying them on the page.
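As an added illustration of the mitigation described above (example code, not PHPGurukul's own index.php; the field names name, email, date and guests are assumed), a reservation-request handler that validates on input and encodes on output:

```php
<?php
// Added example, not PHPGurukul's code: a hardened reservation-request
// handler pattern. Field names (name, email, date, guests) are assumed.
declare(strict_types=1);

// Output encoding: every user-controlled value rendered into HTML passes
// through here, so <, >, ", ' and & cannot open or close tags/attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Input validation: reject values outside the expected shape rather than
// trying to strip "dangerous" characters out of them.
function validateReservation(array $post): array
{
    $errors = [];
    $clean = [];
    $clean['name'] = trim((string)($post['name'] ?? ''));
    if ($clean['name'] === '' || mb_strlen($clean['name']) > 100) {
        $errors[] = 'Name is required (max 100 characters).';
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'A valid e-mail address is required.';
    }
    $clean['email'] = (string)$email;
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', (string)($post['date'] ?? ''));
    $clean['date'] = $date ? $date->format('Y-m-d') : '';
    if ($clean['date'] === '') {
        $errors[] = 'Date must be YYYY-MM-DD.';
    }
    $guests = filter_var($post['guests'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 20]]);
    if ($guests === false) {
        $errors[] = 'Guests must be a whole number between 1 and 20.';
    }
    $clean['guests'] = (int)$guests;
    return [$clean, $errors];
}

// Constructed sample standing in for $_POST; the name field carries markup
// that would run as script if echoed back unencoded.
$sample = ['name' => '<script>alert(1)</script>', 'email' => 'guest@example.com',
           'date' => '2024-05-01', 'guests' => '4'];
[$clean, $errors] = validateReservation($sample);

// Encode at the point of output, for the confirmation and for the errors alike.
echo $errors === []
    ? '<p>Reservation for ' . e($clean['name']) . ' on ' . e($clean['date']) . '</p>'
    : '<ul><li>' . implode('</li><li>', array_map('e', $errors)) . '</li></ul>';
```

Run with `php example.php`; the sample name is rendered as literal text (`&lt;script&gt;...`) rather than as a script element.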
CVE-2023-6075 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Restaurant Table Booking System version 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using PHPGurukul Restaurant Table Booking System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1 of the PHPGurukul Restaurant Table Booking System. Implement input validation and output encoding as a temporary workaround.
No active exploitation campaigns have been reported, but the vulnerability is publicly disclosed and could be targeted.
Refer to the PHPGurukul website or relevant security advisories for the official advisory regarding CVE-2023-6075.