Stored Cross-Site Scripting Vulnerability in PHPGURUKUL Online Birth Certificate System
CVE-2024-57175

5.4MEDIUM

Key Information:

Vendor: PHPGURUKUL
Status: Online Birth Certificate System
Vendor: CVE Published:; 3 February 2025

Summary

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the PHPGURUKUL Online Birth Certificate System v1.0. This vulnerability allows attackers to inject malicious scripts into the user profile name field, which can then be executed when other users access the affected pages, such as /user/certificate-form.php. This can lead to compromised user data and potential unauthorized actions. Proper validation and sanitization of user inputs are crucial to mitigate the risks associated with this type of vulnerability.

References

https://github.com/Ajmal101/CVE-2024-57175/blob/main/READ...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 9, 2025