CVE-2020-36115

MEDIUM

Egavilanmedia Phpcrud - XSS

Title source: rule

Description

Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.

Exploits (1)

exploitdb WRITEUP

by Mahendra Purbia · textwebappsphp

https://www.exploit-db.com/exploits/49484

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49484

Scores

CVSS v3 5.4

EPSS 0.0018

EPSS Percentile 39.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

egavilanmedia/phpcrud 1.0

Published Jan 28, 2021

Tracked Since Feb 18, 2026