Cross-Site Scripting Vulnerability in Phpgurukul Online Birth Certificate System
CVE-2024-55056
Currently unrated
Summary
CVE-2024-55056 is a critical stored cross-site scripting (XSS) vulnerability in version 1.0 of the Phpgurukul Online Birth Certificate System. The flaw is in the application's handling of user input, specifically in the '/user/certificate-form.php' script, where unsanitized data from the full name field can lead to arbitrary JavaScript execution in the context of a user's browser. An attacker could use this to run malicious scripts, potentially leading to unauthorized actions, theft of user credentials, or data exfiltration, compromising user security and privacy.
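An added example, not code from the application or from this advisory: one way to handle a full name field so that a stored value cannot execute as script, by validating on submission and encoding at every point of output. The function names and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; these names do not come from the application's code.

/** Input-side check: accept only characters expected in a personal name. */
function validate_full_name(string $raw): ?string
{
    $name = trim($raw);
    // One letter first, then up to 99 letters, combining marks,
    // spaces, periods, apostrophes or hyphens (any script, UTF-8).
    $pattern = '/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,99}\z/u';
    return preg_match($pattern, $name) === 1 ? $name : null;
}

/** Output-side encoding for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions for the full name field.
$samples = [
    "Anne-Marie O'Neil",
    '<script>alert(1)</script>',
];

foreach ($samples as $raw) {
    $name = validate_full_name($raw);
    if ($name === null) {
        // Even the rejection message encodes the value before echoing it.
        echo 'rejected: ' . h($raw) . PHP_EOL;
        continue;
    }
    // An accepted value would be stored via a parameterized query and
    // encoded again each time it is rendered, e.g. in an admin table.
    echo '<td>' . h($name) . '</td>' . PHP_EOL;
}
```

Validation alone is not the control here: the accepted name still contains an apostrophe, which is why the value is encoded on output as well.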
Timeline
Vulnerability published