CVE-2024-51107

Medium CVSS: 4.8

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.

Vendor

Anujk305

Product

Medical Card Generation System

CWE

CWE-79

Yayın Tarihi

2025-05-23 15:15:23

Güncelleme

2025-05-29 16:15:39

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Medical Card Generation System MEDIUM Anujk305 2025

Referanslar

https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-Contact%20Us.pdf

Benzer Kayıtlar

Medium

CVE-2025-50367

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/co…

Medium

CVE-2025-50369

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php)…

Medium

CVE-2025-50370

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php…

Medium

CVE-2025-6613

A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulne…

Medium

CVE-2025-6570

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected…

Medium

CVE-2025-6301

A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue a…