CVE-2024-53481

{"id": "CVE-2024-53481", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-12-10T20:15:21.033", "references": [{"url": "http://phpgurukul.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/sbksibi/CVEs/blob/main/CVE-2024-53481.md", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the \"Firstname\" and \"Last name\" parameters."}, {"lang": "es", "value": "Una vulnerabilidad de Cross Site Scripting (XSS) en profile.php de PHPGurukul Beauty Parlour Management System v1.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario inyectando HTML arbitrario en los par\u00e1metros \"Nombre\" y \"Apellido\"."}], "lastModified": "2025-04-15T20:35:16.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0663F5C-7E50-4432-817D-518802751580"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}