Cross site scripting in PHP Gurukul Shopping v3.1

Cross site scripting in PHP Gurukul Shopping v3.1 Heading link

Multiple cross site scripting vulnerabilities are present in PHP Gurukul Shopping v3.1. The following is detailed information about these vulnerabilities:

file: admin/assets/plugins/DataTables/examples/server_side/scripts/id_jsonp.php
line: 195
HTTP Parameter name: callback

file: admin/assets/plugins/DataTables/examples/server_side/scripts/jsonp.php
line: 190
HTTP Parameter name: callback,

file: admin/assets/plugins/DataTables/examples/server_side/scripts/objects_jsonp.php,
line:  192
HTTP Parameter name: callback,

file: admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php,
line: 2
HTTP Parameter name: value,

file: admin/assets/plugins/jquery-validation/demo/captcha/index.php
line: 55
HTTP Parameter name: PHP_SELF

Above vulnerabilities are published at CVE-2021-39412

This vulnerability was detected as part of the DARPA CHESS program

Systems and Internet Security Lab

UIC Computer Science

Cross site scripting in PHP Gurukul Shopping v3.1

Cross site scripting in PHP Gurukul Shopping v3.1 Heading link

Cross site scripting in PHP Gurukul Shopping v3.1

Cross site scripting in PHP Gurukul Shopping v3.1 Heading link Copy link

Cross site scripting in PHP Gurukul Shopping v3.1 Heading link