Cross Site Scripting Vulnerability in PHPGurukul Complaint Management System
CVE-2024-44655

6.1MEDIUM

Key Information:

Vendor

PHPGurukul
Status
Complaint Management System
Vendor
CVE Published:
17 November 2025

What is CVE-2024-44655?

The PHPGurukul Complaint Management System version 2.0 contains a vulnerability that allows attackers to exploit Cross Site Scripting (XSS) via the search parameter in user-search.php. This weakness can enable attackers to execute arbitrary scripts in the context of users' browsers, potentially compromising sensitive user data and altering the site’s content. It is crucial for users of this software to implement necessary security measures to protect their applications from such attacks.

References

https://phpgurukul.com/complaint-management-sytem
https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-44655 : Cross Site Scripting Vulnerability in PHPGurukul Complaint Management System