CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28129

Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://www.exploit-db.com/exploits/48941
https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html
https://www.exploit-db.com/exploits/48941
https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html

Products affected by CVE-2020-28129

Adrianmercurio » Gym Management System » Version: 1.0

cpe:2.3:a:adrianmercurio:gym_management_system:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28129

Products

Pricing

Contact Us