Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.
References
| Link | Resource |
|---|---|
| https://cyberxtron.com/blog/cve-2024-37798---cross-site-scripting-xss-in-beauty-parlour-management-system--5187 | Exploit Third Party Advisory |
| https://owasp.org/www-community/attacks/xss/ | Technical Description |
| https://cyberxtron.com/blog/cve-2024-37798---cross-site-scripting-xss-in-beauty-parlour-management-system--5187 | Exploit Third Party Advisory |
| https://owasp.org/www-community/attacks/xss/ | Technical Description |
Configurations
History
03 Apr 2025, 00:48
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cyberxtron.com/blog/cve-2024-37798---cross-site-scripting-xss-in-beauty-parlour-management-system--5187 - Exploit, Third Party Advisory | |
| References | () https://owasp.org/www-community/attacks/xss/ - Technical Description | |
| CPE | cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Phpgurukul
Phpgurukul beauty Parlour Management System |
Information
Published : 2024-06-17 21:15
Updated : 2025-04-03 00:48
NVD link : CVE-2024-37798
Mitre link : CVE-2024-37798
CVE.ORG link : CVE-2024-37798
JSON object : View
Products Affected
phpgurukul
- beauty_parlour_management_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')