Reflected Cross-Site Scripting Vulnerability in PHPGurukul User Registration & Login System
CVE-2024-48284

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: User Registration \& Login And User Management System
Vendor: CVE Published:; 14 November 2024

What is CVE-2024-48284?

A reflected Cross-Site Scripting (XSS) vulnerability exists in the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability can be exploited by remote attackers to execute arbitrary scripts through the manipulation of the searchkey parameter in a POST HTTP request. Victims accessing the compromised search-result.php page may unknowingly run malicious scripts, leading to potential data theft or unauthorized actions.

References

https://github.com/m14r41/Writeups/blob/main/CVE/phpGuruk...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2024

JSON

PHPgurukul

What is CVE-2024-48284?

References

CVSS V3.1

Timeline