CVE-2024-48703 — Cross-site Scripting in Medical Card Generation System

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 72.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anujk305 Medical Card Generation System

Timeline

PublishedDec 6

Description

PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDanujk305/medical_card_generation_system1.0

🔴Vulnerability Details

GHSA

GHSA-q3rj-96fw-94q2: PhpGurukul Medical Card Generation System v1↗2024-12-06

▶

CVEList

CVE-2024-48703: PhpGurukul Medical Card Generation System v1↗2024-12-06

▶

💬Community

Bugzilla

CVE-2022-48703 kernel: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR↗2024-05-03

▶