Cross Site Scripting Vulnerability in PHPGurukul Land Record System
CVE-2024-13080

5.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Land Record System
Vendor: CVE Published:; 31 December 2024

What is CVE-2024-13080?

A vulnerability exists in the PHPGurukul Land Record System version 1.0, specifically affecting the /admin/aboutus.php file. This vulnerability allows an attacker to manipulate the Page Description argument, leading to cross site scripting (XSS) attacks. As a result, remote exploitation is feasible, allowing attackers to inject malicious scripts into web pages viewed by other users. The exploit has been publicly disclosed, increasing the urgency for affected users to address this security issue.

Affected Version(s)

Land Record System 1.0

References

https://vuldb.com/?id.289833

vdb-entrytechnical-description

https://vuldb.com/?ctiid.289833

signaturepermissions-required

https://vuldb.com/?submit.472190

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 31, 2024

Credit

Fergod (VulDB User)

PHPgurukul

What is CVE-2024-13080?

Affected Version(s)

References

CVSS V4

Timeline

Credit