Reflected Cross-Site Scripting Vulnerability in Phpgurukul Tourism Management System
CVE-2024-41333

6.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Tourism Management System
Vendor: CVE Published:; 6 August 2024

Summary

A reflected cross-site scripting (XSS) vulnerability has been identified in the Phpgurukul Tourism Management System v2.0. This vulnerability permits attackers to inject malicious payloads through the 'uname' parameter, enabling them to execute arbitrary code within the context of a victim's browser. Exploiting this flaw could allow unauthorized access to sensitive user information and facilitate further attacks. Implementing input validation and output encoding measures could mitigate this risk and protect user data.

References

https://www.linkedin.com/in/sampath-kumar-kadajari-4b18891a7

https://packetstormsecurity.com/files/179891/Tourism-Mana...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 6, 2024