Cross-Site Scripting Vulnerability in Phpgurukul Online Birth Certificate System
CVE-2024-55056

Currently unrated

Key Information:

Vendor: Phpgurukul
Status: Online Birth Certificate System
Vendor: CVE Published:; 17 December 2024

What is CVE-2024-55056?

CVE-2024-55056 is a critical stored cross-site scripting (XSS) vulnerability found in version 1.0 of the Phpgurukul Online Birth Certificate System. The vulnerability resides in the user input handling mechanics of the application, specifically within the '/user/certificate-form.php' script, where unsanitized data from the full name field can lead to arbitrary JavaScript execution in the context of a user's browser. This could allow an attacker to execute malicious scripts, potentially leading to unauthorized actions, theft of user credentials, or data exfiltration, thereby compromising user security and privacy.

References

https://github.com/SCR-athif/CVE/tree/main/CVE-2024-55056

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2024