Cross Site Scripting Flaw in PHPGurukul Land Record System
CVE-2024-57686
9.8 CRITICAL
Summary
A Cross Site Scripting (XSS) vulnerability exists in the PHPGurukul Land Record System version 1.0, specifically within the contactus.php file. This flaw allows remote attackers to craft malicious requests that exploit the 'pagetitle' parameter. By injecting executable scripts, attackers can manipulate user sessions, redirect users to harmful sites, or steal sensitive information. Proper sanitization and validation of user inputs are essential for mitigating this risk.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
Mitre Database