CVE-2024-53481

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 10, 2024
CWE ID 79

Summary

CVE-2024-53481 is a Cross-Site Scripting (XSS) vulnerability affecting the profile.php file in the PHPGurukul Beauty Parlour Management System version 1.1. This issue enables remote attackers to inject arbitrary HTML code into the "Firstname" and "Last name" parameters, allowing them to execute malicious scripts in the browsers of unsuspecting users. Successful exploitation of this vulnerability could lead to data theft, unauthorized account access, or even complete system takeover. Users are encouraged to apply the necessary patches or upgrades to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Phpgurukul Beauty Parlour Management System