Cross Site Scripting Vulnerability in PHPGurukul Land Record System
CVE-2024-13083

5.3MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Land Record System
Vendor
CVE Published:
31 December 2024

Summary

A vulnerability has been identified in PHPGurukul Land Record System 1.0, specifically within the functionality of the file /admin/admin-profile.php. This vulnerability arises due to improper handling of the Admin Name argument, which allows for cross site scripting (XSS) attacks. Attackers can exploit this vulnerability remotely, leading to potential unauthorized actions on behalf of users. The exploit has been publicly disclosed, raising concerns for users of such systems.

Affected Version(s)

Land Record System 1.0

References

https://vuldb.com/?id.289836
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289836
signaturepermissions-required
https://vuldb.com/?submit.472194
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Fergod (VulDB User)
.