cve/2021/CVE-2021-43137.md

CVE-2021-43137

Description

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

POC

Reference

• https://www.exploit-db.com/exploits/50461

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/dn0m1n8tor/dn0m1n8tor