CVE-2024-30987

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.2%

top 64.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Client Management System

Timeline

PublishedApr 17

Description

Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:LExploitability: 2.1 | Impact: 4.7

Affected Packages1 packages

▶NVDphpgurukul/client_management_system1.1

🔴Vulnerability Details

CVEList

CVE-2024-30987: Cross Site Scripting vulnerability in /bwdates-reports-ds↗2024-04-17

▶

GHSA

GHSA-7vxm-rrx8-jp2v: Cross Site Scripting vulnerability in /bwdates-reports-ds↗2024-04-17

▶