CVE-2024-53365 — Cross-site Scripting in Vehicle Parking Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 75.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Vehicle Parking Management System

Timeline

PublishedNov 26

Description

A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/vehicle_parking_management_system1.13

🔴Vulnerability Details

CVEList

CVE-2024-53365: A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1↗2024-11-26

▶

GHSA

GHSA-9vv4-rwwg-wc6h: A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1↗2024-11-26

▶