CVE-2024-41333

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 7, 2024
CWE ID 79

Summary

CVE-2024-41333 is a reflected cross-site scripting (XSS) vulnerability affecting the Phpgurukul Tourism Management System version 2.0. This issue allows attackers to inject malicious code into the uname parameter, which is then executed in the context of a user's browser. As a result, attackers can gain unauthorized access to sensitive information, manipulate web pages, or steal user credentials. Users are advised to update their systems as soon as possible to mitigate this risk. Attackers can exploit this vulnerability by tricking users into clicking a specially crafted link or visiting a malicious website. The successful execution of the attack depends on the user's browser's security settings and the attacker's ability to create a convincing payload.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share