CVE-2024-51107

Description

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.

Reserved 2024-10-28 | Published 2025-05-23 | Updated 2025-05-29 | Assigner mitre

References

github.com/...rd Generation System/Stored XSS-Contact Us.pdf

cve.org (CVE-2024-51107)

nvd.nist.gov (CVE-2024-51107)

Download JSON