Cross Site Scripting Vulnerability in PHPGurukul Online Shopping Portal
CVE-2024-44661

5.4MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 17 November 2025

What is CVE-2024-44661?

The PHPGurukul Online Shopping Portal 2.0 has a vulnerability that allows attackers to exploit Cross Site Scripting (XSS) through the quantity parameter in the my-cart.php file. This flaw could enable unauthorized scripts to execute in the context of a user's session, potentially leading to data theft or unauthorized actions on behalf of the user. Webmasters and administrators are advised to promptly apply patches or updates to mitigate this risk. For additional information, refer to the official resources.

References

https://phpgurukul.com/shopping-portal-free-download/

https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Aug 21, 2024

JSON