Cross Site Scripting Vulnerability in PHPGurukul Land Record System
CVE-2024-13074

5.3MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Land Record System
Vendor
CVE Published:
31 December 2024

Summary

A vulnerability has been identified in PHPGurukul Land Record System version 1.0, specifically within the index.php file. This issue arises from improper handling of the 'searchdata' argument, which allows for cross site scripting (XSS) attacks. Attackers can exploit this vulnerability remotely, presenting significant security risks to users and data integrity. The vulnerability has been publicly disclosed and can be leveraged if adequate precautions are not taken by users of the affected system.

Affected Version(s)

Land Record System 1.0

References

https://vuldb.com/?id.289827
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289827
signaturepermissions-required
https://vuldb.com/?submit.472181
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Havook (VulDB User)
.