PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php cross site scripting
Platform: php
Component: niv_testing_sxss
Fixed version: 1.0.1
CVE-2023-6442 is a cross-site scripting (XSS) vulnerability affecting the PHPGurukul Nipah Virus Testing Management System version 1.0. It allows attackers to inject malicious scripts into the application, potentially compromising user data and session integrity. A fix is available in version 1.0.1.
Impact and attack scenarios
Successful exploitation of CVE-2023-6442 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious activities, including session hijacking, phishing attacks, and defacement of the application. Sensitive information, such as patient data or administrative credentials, could be stolen. The impact is amplified if the application is used in a healthcare setting, where patient privacy is paramount. The vulnerability's remote accessibility means attackers don't need local access to exploit it.
Exploitation context
This vulnerability has been publicly disclosed and a corresponding identifier (VDB-246445) has been assigned. While the CVSS score is LOW, the ease of exploitation and potential impact on sensitive data warrant prompt remediation. No active exploitation campaigns have been publicly reported as of the publication date, but the availability of a public exploit increases the risk of future attacks. The vulnerability was published on 2023-11-30.
Who is at risk
Healthcare organizations utilizing the Nipah Virus Testing Management System are particularly at risk, as the application likely handles sensitive patient data. Organizations with legacy configurations or those who haven't implemented robust input validation practices are also more vulnerable. Shared hosting environments where multiple applications share the same server resources could also be affected if one application is compromised.
Detection steps
• php: Examine the add-phlebotomist.php file for unsanitized use of the empid and fullname parameters in output. Look for patterns like echo $_GET['empid']; or similar without proper escaping.
  // Example of vulnerable code
  echo $_GET['empid'];
• generic web: Monitor access logs for requests to add-phlebotomist.php containing suspicious characters or patterns commonly used in XSS attacks (e.g., <script>, <iframe>).
  grep -i '<script' /var/log/apache2/access.log
• generic web: Check response headers for the presence of X-XSS-Protection or Content-Security-Policy headers, which can help mitigate XSS attacks. Ensure these headers are properly configured.
Attack timeline
- Disclosure
Threat intelligence
EPSS: 0.15% (35th percentile)
CVSS vector
What do these metrics mean?
- Attack Vector
  - Network: exploitable remotely over the internet, with no physical or local access required. Largest attack surface.
- Attack Complexity
  - Low: no special conditions are needed; the vulnerability can be exploited reliably.
- Privileges Required
  - Low: any valid user account suffices.
- User Interaction
  - Required: the victim must open a file, click a link or visit a crafted page.
- Scope
  - Unchanged: the impact is confined to the vulnerable component itself.
- Confidentiality
  - None: no confidentiality impact.
- Integrity
  - Low: the attacker can modify some data, with limited impact.
- Availability
  - None: no availability impact.
Mitigations and workarounds
The primary mitigation for CVE-2023-6442 is to upgrade to version 1.0.1 of the Nipah Virus Testing Management System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the add-phlebotomist.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Thoroughly review and sanitize all user inputs to prevent malicious code injection.
Remediation
Upgrade to a patched version or apply the mitigations provided by the vendor. Validate and sanitize user input in the add-phlebotomist.php file, especially the empid and fullname parameters, to prevent malicious code injection. Implement a Content Security Policy (CSP) to mitigate XSS attacks.
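The following is an added example, not PHPGurukul's code, of the input validation, output encoding and CSP header described in the mitigation and remediation sections above, applied to the empid and fullname parameters; the allowed formats for the two fields and the CSP policy string are assumptions.

```php
<?php
// Added example (not the project's code): a hardened handler for the
// empid and fullname parameters of add-phlebotomist.php.
declare(strict_types=1);

// Validate on input with an allow-list instead of stripping "bad" characters.
// The accepted formats below are assumptions, not the application's own rules.
function validate_phlebotomist(array $input): array
{
    $errors   = [];
    $empid    = trim((string)($input['empid'] ?? ''));
    $fullname = trim((string)($input['fullname'] ?? ''));

    if (!preg_match('/^[A-Za-z0-9-]{1,20}$/', $empid)) {
        $errors['empid'] = 'Employee ID must be 1-20 letters, digits or hyphens.';
    }
    if (!preg_match('/^[\p{L} .\'-]{1,60}$/u', $fullname)) {
        $errors['fullname'] = 'Full name may only contain letters, spaces, periods, apostrophes and hyphens.';
    }
    return ['valid' => $errors === [], 'errors' => $errors,
            'empid' => $empid, 'fullname' => $fullname];
}

// Encode on output: every value placed into HTML is passed through
// htmlspecialchars with ENT_QUOTES, so it cannot close an attribute or tag.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern quoted on the page (do not use):  echo $_GET['empid'];
// Hardened rendering of the same form, echoing submitted values back safely.
function render_form(array $result): string
{
    $html  = '<form method="post" action="add-phlebotomist.php">';
    $html .= '<input name="empid" value="' . h($result['empid']) . '">';
    $html .= '<input name="fullname" value="' . h($result['fullname']) . '">';
    foreach ($result['errors'] as $msg) {
        $html .= '<p class="error">' . h($msg) . '</p>';
    }
    return $html . '</form>';
}

// Constructed request standing in for $_POST: the script tag fails validation
// and, when echoed back in the error form, is rendered inert as &lt;script&gt;.
$result = validate_phlebotomist(['empid' => 'PH-1001', 'fullname' => '<script>alert(1)</script>']);
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
echo render_form($result);
```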
Frequently asked questions
What is CVE-2023-6442 — XSS in Nipah Virus Testing Management System?
CVE-2023-6442 is a cross-site scripting (XSS) vulnerability in PHPGurukul Nipah Virus Testing Management System version 1.0, allowing attackers to inject malicious scripts.
Am I affected by CVE-2023-6442 in Nipah Virus Testing Management System?
You are affected if you are using PHPGurukul Nipah Virus Testing Management System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
How do I fix CVE-2023-6442 in Nipah Virus Testing Management System?
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the add-phlebotomist.php file.
Is CVE-2023-6442 being actively exploited?
While no active exploitation campaigns have been publicly reported, the vulnerability is publicly disclosed and may be exploited.
Where can I find the official PHPGurukul advisory for CVE-2023-6442?
Refer to the VDB identifier VDB-246445 for details and potentially related advisories.