CVE-2024-41333

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 63.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Tourism Management System

Timeline

PublishedAug 6

Description

A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/tourism_management_system2.0

🔴Vulnerability Details

CVEList

CVE-2024-41333: A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2↗2024-08-06

▶

GHSA

GHSA-x2r7-v693-3xwx: A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2↗2024-08-06

▶