CVE-2024-51106 — Cross-site Scripting in Medical Card Generation System

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 77.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anujk305 Medical Card Generation System

Timeline

PublishedMay 19

Latest updateNov 25

Description

A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 1.5 | Impact: 2.7

Affected Packages1 packages

▶NVDanujk305/medical_card_generation_system1.0

🔴Vulnerability Details

OSV

mupdf vulnerabilities↗2025-11-25

▶

GHSA

GHSA-vgrj-mg42-7vqg: A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus↗2025-05-19

▶

CVEList

CVE-2024-51106: A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus↗2025-05-19

▶