Cross Site Scripting Vulnerability in PHPGurukul Maid Hiring Management System
CVE-2024-13015
5.1MEDIUM
Key Information:
- Vendor
- PHPgurukul
- Vendor
- CVE Published:
- 29 December 2024
Summary
A vulnerability exists within the PHPGurukul Maid Hiring Management System affecting version 1.0, specifically in the file '/admin/search-booking-request.php'. This issue arises from the improper handling of the 'searchdata' argument, allowing malicious actors to execute cross site scripting (XSS) attacks remotely. Exploitation of this vulnerability can lead to the injection of arbitrary scripts into web pages viewed by users, potentially compromising sensitive information and user sessions.
Affected Version(s)
Maid Hiring Management System 1.0
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Fergod (VulDB User)