Reflected Cross Site Scripting Vulnerability in PHPGurukul Old Age Home Management System
CVE-2024-40484

6.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Old Age Home Management System
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-40484?

A vulnerability has been identified in the Old Age Home Management System, specifically in the search functionality located at '/oahms/search.php'. This Reflected Cross Site Scripting (XSS) flaw allows remote attackers to inject arbitrary scripts by manipulating the 'searchdata' parameter. If successfully exploited, this could enable attackers to perform unauthorized actions on behalf of authenticated users, compromising the integrity of the application and potentially leading to further security incidents.

References

https://github.com/takekaramey/CVE_Writeup/blob/main/PHPG...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Jul 5, 2024

PHPgurukul

What is CVE-2024-40484?

References

CVSS V3.1

Timeline