CVE-2024-30986

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 64.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Client Management System

Timeline

PublishedApr 17

Description

Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 2.3 | Impact: 3.7

Affected Packages1 packages

▶NVDphpgurukul/client_management_system1.1

🔴Vulnerability Details

GHSA

GHSA-47vj-cjq6-8x67: Cross Site Scripting vulnerability in /edit-services-details↗2024-04-17

▶

CVEList

CVE-2024-30986: Cross Site Scripting vulnerability in /edit-services-details↗2024-04-17

▶