Cross site scripting in PHP Gurukul Shopping v3.1

Multiple cross site scripting vulnerabilities are present inĀ PHP Gurukul Shopping v3.1. The following is detailed information about these vulnerabilities:

file: admin/assets/plugins/DataTables/examples/server_side/scripts/id_jsonp.php
line: 195
HTTP Parameter name: callback

file: admin/assets/plugins/DataTables/examples/server_side/scripts/jsonp.php
line: 190
HTTP Parameter name: callback,

file: admin/assets/plugins/DataTables/examples/server_side/scripts/objects_jsonp.php,
line:  192
HTTP Parameter name: callback,

file: admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php,
line: 2
HTTP Parameter name: value,

file: admin/assets/plugins/jquery-validation/demo/captcha/index.php
line: 55
HTTP Parameter name: PHP_SELF


Above vulnerabilities are published at CVE-2021-39412

This vulnerability was detected as part of the DARPA CHESS program