CVE-2024-37798 — Cross-site Scripting in Beauty Parlour Management System

CWE-79 — Cross-site Scripting19 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 52.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Beauty Parlour Management System

Timeline

PublishedJun 17

Latest updateNov 21

Description

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:LExploitability: 1.7 | Impact: 3.7

Affected Packages1 packages

▶NVDphpgurukul/beauty_parlour_management_system1.0

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2025-08-04

▶

OSV

linux-azure vulnerabilities↗2025-07-30

▶

OSV

linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4 vulnerabilities↗2025-07-29

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-aws-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5↗2025-07-25

▶

OSV

linux-xilinx-zynqmp vulnerabilities↗2025-07-11

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-13223↗2025-11-21

▶