CVE-2024-53635 — Cross-site Scripting in Covid19 Testing Management System
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 77.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 27
Description
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7