CVE-2024-51107 — Cross-site Scripting in Medical Card Generation System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 62.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anujk305 Medical Card Generation System

Timeline

PublishedMay 23

Description

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDanujk305/medical_card_generation_system1.0

🔴Vulnerability Details

GHSA

GHSA-xgcx-978m-c62h: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus↗2025-05-23

▶

CVEList

CVE-2024-51107: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus↗2025-05-23

▶