A hacker can exploit this XSS flaw to execute arbitrary script code in the browser of an unsuspecting user. XSS vulnerabilities often lead to the hijacking of user credentials, as well as to the installation of malware on a targeted system. XSS is not the only threat. Other security issues have been discovered in Library Management System v1.0, such as a possible cross-site request forgery (CSRF) vulnerability via /librarian/edit_book_details.php.

CVE-2019-6123: A hacker can exploit a vulnerability in the component /admin/images.php to send a CSRF payload to the targeted server, allowing them to hijack the server’s functionality.

CVE-2019-6124: A hacker can exploit an XSS flaw in the component /admin/profile_edit.php to send a crafted request to the targeted server, resulting in the execution of script code in the context of the server’s domain.

CVE-2019-6125: A hacker can exploit an XSS flaw in the component /admin/book_view.php to send a crafted request to the targeted server, resulting in the execution of script code in the context of the server’s domain.

CVE-2019-6126: A hacker can exploit an XSS flaw in the component /admin/log_view.php to send a crafted request to the targeted server, resulting in the execution of script code in

Timeline

Published on: 08/30/2022 21:15:00 UTC
Last modified on: 09/01/2022 06:59:00 UTC

References