Platform
php
Component
niv_testing_sxss
Fixed in
1.0.1
CVE-2023-6442 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Nipah Virus Testing Management System version 1.0. The affected code is the add-phlebotomist.php page, where the empid and fullname parameters are accepted without adequate validation and rendered without output encoding, so an attacker can inject script into the application and compromise user data and session integrity. A fix is available in version 1.0.1.
Successful exploitation of CVE-2023-6442 lets an attacker execute arbitrary JavaScript in the browser session of a user who loads the affected content. That can lead to session hijacking, phishing, and defacement of the application, and sensitive information such as patient data or administrative credentials could be stolen. The impact is amplified in a healthcare setting, where patient privacy is paramount. The vulnerability is remotely reachable, so the attacker needs no local access; as with any XSS, however, a victim with access to the affected page must be induced to load it, which is reflected in the low CVSS score.
This vulnerability has been publicly disclosed and assigned the identifier VDB-246445. Although the CVSS score is LOW, the ease of exploitation and the sensitivity of the data handled warrant prompt remediation. No active exploitation campaigns had been publicly reported as of the publication date, but a public exploit is available, which increases the risk of future attacks. The vulnerability was published on 2023-11-30.
Exploit Status
EPSS
0.15% (35th percentile)
CVSS Vector
The primary mitigation for CVE-2023-6442 is to upgrade to version 1.0.1 of the Nipah Virus Testing Management System. If upgrading is not immediately feasible, add input validation and output encoding to add-phlebotomist.php so that user-supplied data is never written into the page unencoded. A web application firewall (WAF) configured to block common XSS payloads adds a temporary layer of protection, but WAF signatures can be bypassed and do not replace fixing the code. Review and sanitize every user input the application reflects or stores.
Update to the patched version or apply the vendor's mitigations. In add-phlebotomist.php, validate the empid and fullname parameters against an allow-list of expected characters and encode them with htmlspecialchars (or equivalent) at the point of output, matching the HTML context in which they appear. Deploy a Content Security Policy (CSP) that disallows inline script as defence in depth; note that a CSP limits the damage of an encoding miss but does not remove the underlying injection.
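The following is an added example of the hardening described above, written for this page; it is not PHPGurukul's code and not the patch shipped in 1.0.1. The field formats for empid and fullname, the table markup, the CSP value and the constructed probe request are all assumptions chosen to illustrate the technique.

```php
<?php
// Added example, not code from PHPGurukul or from the advisory: hardened
// handling of the empid and fullname parameters of an add-phlebotomist style
// form. Field formats, markup and the sample request below are assumptions.
declare(strict_types=1);

// 1. Allow-list validation on input. Assumed formats: an employee id of up to
//    20 alphanumerics or hyphens; a name made of letters, combining marks,
//    spaces, apostrophes, dots and hyphens, up to 60 characters.
function validate_empid(string $empid): ?string
{
    $empid = trim($empid);
    return preg_match('/^[A-Za-z0-9-]{1,20}\z/', $empid) === 1 ? $empid : null;
}

function validate_fullname(string $name): ?string
{
    $name = trim($name);
    return preg_match('/^[\p{L}\p{M} .\'-]{1,60}\z/u', $name) === 1 ? $name : null;
}

// 2. Context-aware output encoding. This is the control that stops XSS even for
//    records stored before validation existed. ENT_QUOTES also encodes ' and "
//    so the value is safe inside quoted attributes; ENT_SUBSTITUTE keeps invalid
//    UTF-8 from silently turning the output into an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Listing-page row: raw interpolation (the pattern behind the vulnerability)
// next to the hardened form.
function render_row_vulnerable(string $empid, string $fullname): string
{
    return "<tr><td>$empid</td><td>$fullname</td></tr>";
}

function render_row_hardened(string $empid, string $fullname): string
{
    return '<tr><td>' . h($empid) . '</td><td>' . h($fullname) . '</td></tr>';
}

// 3. Defence in depth: a CSP (assumed policy) that blocks inline script, so an
//    encoding miss elsewhere in the app does not immediately become execution.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'";
}

// Handle one submission. Returns [accepted, message, html-for-listing].
function handle_add_phlebotomist(array $post): array
{
    $empid = validate_empid((string)($post['empid'] ?? ''));
    $name  = validate_fullname((string)($post['fullname'] ?? ''));
    if ($empid === null || $name === null) {
        return [false, 'Rejected: empid or fullname has an invalid format.', ''];
    }
    // Persist here with a prepared statement; the stored value is the raw
    // (validated) string, and encoding happens only at output time.
    return [true, 'Stored.', render_row_hardened($empid, $name)];
}

if (PHP_SAPI !== 'cli') {
    header(csp_header());
} else {
    // Constructed probe request for demonstration; not taken from the advisory.
    $probe = ['empid' => 'PHL-001', 'fullname' => '<img src=x onerror=alert(1)>'];
    [$ok, $msg, $html] = handle_add_phlebotomist($probe);
    echo "validation: $msg\n";
    echo "vulnerable: " . render_row_vulnerable($probe['empid'], $probe['fullname']) . "\n";
    echo "hardened:   " . render_row_hardened($probe['empid'], $probe['fullname']) . "\n";

    $good = ['empid' => 'PHL-002', 'fullname' => "Anne-Marie O'Neil"];
    [$ok, $msg, $html] = handle_add_phlebotomist($good);
    echo "valid row:  $html\n";
}
```

Run it with `php` on the command line to see the probe rejected by validation, the vulnerable renderer emitting the tag verbatim, and the hardened renderer emitting `&lt;img src=x onerror=alert(1)&gt;`. Validation and encoding are deliberately separate: validation keeps bad data out of the database, while encoding at output protects against anything already stored and against inputs that legitimately contain characters such as the apostrophe in the second sample.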
CVE-2023-6442 is a cross-site scripting (XSS) vulnerability in PHPGurukul Nipah Virus Testing Management System version 1.0 that allows attackers to inject malicious script through the empid and fullname parameters of add-phlebotomist.php.
You are affected if you run PHPGurukul Nipah Virus Testing Management System version 1.0. Upgrade to version 1.0.1 to remove the vulnerability.
Upgrade to version 1.0.1. As a temporary workaround, add input validation and output encoding to add-phlebotomist.php and consider a CSP and WAF rules as defence in depth.
No active exploitation campaigns have been publicly reported, but the vulnerability is publicly disclosed with a public exploit available, so it may be exploited.
Refer to the VDB identifier VDB-246445 for details and potentially related advisories.