CVE-2024-51108 — Cross-site Scripting in Medical Card Generation System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 65.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anujk305 Medical Card Generation System

Timeline

PublishedMay 23

Description

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDanujk305/medical_card_generation_system1.0

🔴Vulnerability Details

GHSA

GHSA-x6xg-9w9q-643p: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report↗2025-05-23

▶

CVEList

CVE-2024-51108: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report↗2025-05-23

▶