Cross-Site Scripting Vulnerability in PHPGurukul Maid Hiring Management System
CVE-2024-13017

5.1MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Maid Hiring Management System
Vendor
CVE Published:
29 December 2024

Summary

A vulnerability in the PHPGurukul Maid Hiring Management System version 1.0 has been identified within the 'About Us' component, specifically affecting the '/admin/aboutus.php' file. This issue allows an attacker to manipulate the 'title' argument, enabling cross-site scripting (XSS) exploits. The vulnerability can be exploited remotely, putting users at risk of malicious code execution and data theft through injected scripts. It is crucial for organizations using this system to address the underlying issue to prevent potential security breaches.

Affected Version(s)

Maid Hiring Management System 1.0

References

https://vuldb.com/?id.289708
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289708
signaturepermissions-required
https://vuldb.com/?submit.470481
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Fergod (VulDB User)
.