Cross Site Scripting Vulnerability in PHPGurukul Small CRM
CVE-2024-44647

6.1MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Small CRM
Vendor: CVE Published:; 17 November 2025

What is CVE-2024-44647?

PHPGurukul Small CRM 3.0 contains a Cross Site Scripting (XSS) vulnerability that allows attackers to inject arbitrary scripts via the aremark parameter in the manage-tickets.php file. Successful exploitation can lead to unauthorized actions on behalf of users and potential data compromise.

References

https://phpgurukul.com/small-crm-php/

https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Aug 21, 2024

JSON