Attackers Can Execute Arbitrary JavaScript Code via CSRF and XSS in PHPGurukul Online Shopping Portal Project
CVE-2024-39090
Currently unrated
Key Information:
- Vendor
PHPGurukul
- Status
- Vendor
- CVE Published:
- 18 July 2024
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2024-39090?
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.