CVE-2024-51209 — Cross-site Scripting in Client Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 63.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Client Management System

Timeline

PublishedNov 20

Description

Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/client_management_system1.2

🔴Vulnerability Details

CVEList

CVE-2024-51209: Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1↗2024-11-20

▶

GHSA

GHSA-qwhj-q28h-8hg6: Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1↗2024-11-20

▶