Vulnerability Details CVE-2021-42664
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/164618/Engineers-Online-Portal-1.0-SQL-Injection.html
- https://github.com/TheHackingRabbi/CVE-2021-42664
- https://www.exploit-db.com/exploits/50451
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
- http://packetstormsecurity.com/files/164618/Engineers-Online-Portal-1.0-SQL-Injection.html
- https://github.com/TheHackingRabbi/CVE-2021-42664
- https://www.exploit-db.com/exploits/50451
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
Products affected by CVE-2021-42664
-
cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0