CVE-2024-51328 — Cross-site Scripting in Travel Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 69.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Projectworlds Travel Management System

Timeline

PublishedNov 4

Description

Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDprojectworlds/travel_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-38w9-w6h5-wfxm: Cross Site Scripting vulnerability in addcategory↗2024-11-04

▶

CVEList

CVE-2024-51328: Cross Site Scripting vulnerability in addcategory↗2024-11-04

▶