An attacker can leverage this vector to inject arbitrary SQL commands into the application or retrieve existing data. Successfully exploiting this issue can result in a takeover of the application, access to restricted areas of the application, or the ability to perform any action the user has access to.

It was reported that a web server running Library Management System v1.0 was vulnerable to remote cross-site request forgery (CSRF) because the M_Id parameter did not validate input.

An attacker could trick a user into visiting a specially crafted website that forces the user's browser to send requests against the user's will. As a result, the user could unknowingly send malicious requests that the application would then execute.

It was discovered that v1.0 of Library Management System was prone to a stored cross-site scripting (XSS) vulnerability because the application did not validate user-supplied input before displaying it.

An attacker could exploit this flaw to run arbitrary script code in the user's browser session. In general, XSS flaws can be exploited to access, modify, or delete data stored on the website hosting the application, or to redirect the user to another website where they would be authenticated.

It was determined that v1

Vulnerability summary

A cross-site scripting vulnerability was found in Library Management System v1.0, which could be exploited by an attacker to run arbitrary script code in the user's browser session.

Timeline

Published on: 08/30/2022 21:15:00 UTC
Last modified on: 09/01/2022 07:01:00 UTC

References