Description

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.

Related CPE's

a

campcodes

complete_online_matrimonial_website_system_script

3.3

Vulnerable

References

http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

https://github.com/Raj789-sec/CVE-2023-39115

Third Party Advisory

https://www.campcodes.com/projects/php/online-matrimonial-website-system-script-in-php/

Product

https://www.exploit-db.com/exploits/51656

ExploitThird Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-16T15:15:11.113

11 months ago

Last modified

2023-08-22T18:14:03.050

11 months ago