By combining AI with human insight, Armis Vulnerability Intelligence Database offers extended coverage for vulnerabilities that matter to you, your industry, and provides you with clear remediation instructions.
Loading CVE list…
CVE Name
Severity Score
Published Date
CISA KEV
Take These Insights to the Next Level
Armis now offers direct API access to Armis Vulnerability Intelligence Database through the AWS Marketplace, transforming it from a powerful research tool into an integrated component of your proactive security posture.
Seamless Integration: Directly feed Armis's contextual data into your existing stack.
Automated Workflows: Automate vulnerability lookups in real-time.
Custom Solutions: Use the raw data to build custom dashboards, reports, alerts.
See everything.Identify true risk.Proactively mitigate threats.Book a Demo
Let's talk!
CVE-2023-0527:
Loading CVE details…
CVE-2023-0527 | Medium Severity | Armis
, an attacker can cause arbitrary script execution in the context of other users' browsers. This vulnerability can be exploited remotely and requires no special permissions, making it particularly dangerous. The vulnerability has been publicly disclosed with proof-of-concept code available.\n","datePublished":"2023-01-27T11:15:12.000Z","dateModified":"2026-05-13T09:02:40.853Z","keywords":"Medium, 2023, CVE, vulnerability, cybersecurity, CVSS","url":"https://cve.armis.com/CVE-2023-0527","author":{"@type":"Organization","name":"Armis","url":"https://www.armis.com"},"publisher":{"@type":"Organization","name":"Armis","url":"https://www.armis.com"},"license":"https://creativecommons.org/licenses/by-nc-sa/4.0/","isBasedOn":{"@type":"WebPage","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0527","name":"NVD CVE-2023-0527"},"additionalProperty":[{"@type":"PropertyValue","name":"CVSS Score","value":"6.1"},{"@type":"PropertyValue","name":"Severity","value":"Medium"},{"@type":"PropertyValue","name":"EPSS Score","value":"8.97%"},{"@type":"PropertyValue","name":"EPSS Percentile","value":"93th"},{"@type":"PropertyValue","name":"Attack Vector","value":"NETWORK"},{"@type":"PropertyValue","name":"Attack Complexity","value":"LOW"},{"@type":"PropertyValue","name":"Privileges Required","value":"NONE"},{"@type":"PropertyValue","name":"User Interaction","value":"REQUIRED"},{"@type":"PropertyValue","name":"Scope","value":"CHANGED"},{"@type":"PropertyValue","name":"Confidentiality Impact","value":"LOW"},{"@type":"PropertyValue","name":"Integrity Impact","value":"LOW"},{"@type":"PropertyValue","name":"Availability Impact","value":"NONE"}]},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is CVE-2023-0527?","acceptedAnswer":{"@type":"Answer","text":"Cross-Site Scripting vulnerability in PHPGurukul Online Security Guards Hiring System 1.0\n"}},{"@type":"Question","name":"How severe is CVE-2023-0527?","acceptedAnswer":{"@type":"Answer","text":"CVE-2023-0527 has a CVSS score of 6.1 (Medium severity). EPSS score: 8.97% (93th percentile), indicating the estimated probability of exploitation in the wild."}},{"@type":"Question","name":"How do I fix CVE-2023-0527?","acceptedAnswer":{"@type":"Answer","text":"To remediate this vulnerability, system administrators should:\n1. Update to a newer version of PHPGurukul Online Security Guards Hiring System if available\n2. If updates are not available, implement proper input validation and output encoding:\n - Sanitize all user inputs, particularly the 'searchdata' parameter\n - Implement context-appropriate output encoding when reflecting user input\n - Consider implementing Content Security Policy (CSP) headers to mitigate XSS attacks\n3. Apply input validation to reject potentially malicious characters in the 'searchdata' parameter\n4. Ensure all user-supplied data is properly escaped before being included in HTML responses\n5. Consider using security libraries or frameworks that provide built-in protection against XSS vulnerabilities\n"}},{"@type":"Question","name":"Is CVE-2023-0527 actively exploited?","acceptedAnswer":{"@type":"Answer","text":"Known exploits exist for this vulnerability."}}]},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://cve.armis.com/"},{"@type":"ListItem","position":2,"name":"CVE-2023-0527","item":"https://cve.armis.com/CVE-2023-0527"}]}]
CVE-2023-0527:
Cross-Site Scripting vulnerability in PHPGurukul Online Security Guards Hiring System 1.0
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1Medium
Published Date:Jan 27, 2023
CISA KEV Date:*No Data*
Industries Affected:20
Threat Predictions
EPSS Score:9.0
EPSS Percentile:93%
Exploitability
Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:
REQUIRED
Scope:CHANGED
Impact
Score:2.7
Confidentiality Impact:LOW
Integrity Impact:LOW
Availability Impact:NONE
Description Preview
Cross-Site Scripting vulnerability in PHPGurukul Online Security Guards Hiring System 1.0
Overview
This vulnerability (CVE-2023-0527) affects the PHPGurukul Online Security Guards Hiring System version 1.0. The issue stems from improper input validation in the search-request.php file, where the 'searchdata' parameter accepts and reflects user input without adequate sanitization. By submitting specially crafted input containing JavaScript code such as ">alert(document.domain), an attacker can cause arbitrary script execution in the context of other users' browsers. This vulnerability can be exploited remotely and requires no special permissions, making it particularly dangerous. The vulnerability has been publicly disclosed with proof-of-concept code available.
Remediation
To remediate this vulnerability, system administrators should:
Update to a newer version of PHPGurukul Online Security Guards Hiring System if available
If updates are not available, implement proper input validation and output encoding:
Sanitize all user inputs, particularly the 'searchdata' parameter
Implement context-appropriate output encoding when reflecting user input
