CVE-2024-13015 MEDIUM

CVE-2024-13015: PHPGurukul Maid Hiring Management System search-booking-request.php cross site scripting

Vendor Phpgurukul

Product Maid Hiring Management System

Weakness CWE-79 · XSS

Published December 29, 2024

Last update December 30, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.

Key dates

02Disclosure timeline

December 29, 2024 CVE published

December 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13015 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-13743 Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2021-39334 Job Board Vanila Plugin <= 1.0 Authenticated Stored Cross-Site Scripting CVE-2024-3671 Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-23518 Improper neutralization of data URIs allows XSS in rails-html-sanitizer CVE-2024-24889 WordPress All 404 Pages Redirect to Homepage Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)