First published: Tue Nov 17 2020
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gym Management System Project Gym Management System | =1.0 | |
The vulnerability ID is CVE-2020-28129.
The severity of CVE-2020-28129 is medium with a CVSS score of 6.1.
The vulnerability allows users to inject and store arbitrary JavaScript code in index.php?page=packages via the 'Package Name' and 'Description' fields.
We do not provide information on how to exploit vulnerabilities. It is recommended to follow responsible disclosure guidelines and report the vulnerability to the vendor.
It is recommended to update to a patched version of SourceCodester Gym Management System that addresses the XSS vulnerability.