Platform: php
Component: land-record-system
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Land Record System version 1.0. It allows attackers to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The affected component is the /admin/aboutus.php file. A patch is available in version 1.0.1.
The XSS vulnerability in PHPGurukul Land Record System allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user credentials, redirect users to malicious websites, or deface the application's interface. Successful exploitation requires an attacker to manipulate the 'Page Description' parameter within the /admin/aboutus.php file. The impact is particularly severe if the application is used to manage sensitive land records, as an attacker could potentially gain unauthorized access to this data. The public disclosure of this vulnerability increases the risk of exploitation.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The exploit is relatively straightforward, making it accessible to a wide range of attackers. While the CVSS score is LOW, the potential impact on sensitive data warrants prompt remediation. No KEV listing or confirmed exploitation campaigns are currently known as of the publication date.
Organizations and individuals using PHPGurukul Land Record System version 1.0 are at risk. This is particularly concerning for those using the system to manage sensitive land records or those with limited security expertise who may not be aware of the vulnerability or how to mitigate it.
• wordpress / composer / npm:
grep -r "Page Description" /var/www/html/admin/aboutus.php
• generic web:
curl -I "http://your-land-record-system.com/admin/aboutus.php?Page%20Description=<script>alert('XSS')</script>"
Disclosure
Exploit status
EPSS
0.17% (38th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13080 is to upgrade to version 1.0.1 of PHPGurukul Land Record System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the 'Page Description' parameter in /admin/aboutus.php to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Review access logs for suspicious activity related to the /admin/aboutus.php endpoint. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the 'Page Description' field and verifying that the script is not executed.
Update to a patched version, or fix the cross-site scripting (XSS) vulnerability in the file /admin/aboutus.php. Sanitize the input of the 'Page Description' argument to prevent malicious code injection. See the listed references for more information about the vulnerability and possible remediations.
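As an added example, not PHPGurukul's own code, the following shows the save-and-render flow for the 'Page Description' field hardened in the way the mitigation above describes: server-side validation on input, contextual output encoding on render, and a CSP as defence in depth. The form field name pagedes, the table tblpage and the PDO handle $dbh are assumptions; the real file's names may differ.

```php
<?php
// Added example (not the project's code): hardened handling of the admin
// "About Us" page description. Field name `pagedes`, table `tblpage` and
// the PDO connection `$dbh` are assumed names, not taken from the product.
declare(strict_types=1);

// Validation bounds what is stored; it is NOT the XSS fix. The fix is encoding
// the value for the HTML context at output time, every time it is rendered.
function validatePageDescription(string $raw): string
{
    $value = trim($raw);
    if ($value === '' || mb_strlen($value, 'UTF-8') > 5000) {
        throw new InvalidArgumentException('Page Description must be 1-5000 characters');
    }
    // Reject invalid UTF-8 and control characters other than CR, LF and tab.
    if (!mb_check_encoding($value, 'UTF-8') || preg_match('/[^\P{C}\r\n\t]/u', $value)) {
        throw new InvalidArgumentException('Page Description contains invalid characters');
    }
    return $value;
}

// Encoding for HTML element content and attribute values. ENT_QUOTES escapes
// both quote styles; ENT_SUBSTITUTE avoids returning '' on malformed bytes.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['pagedes'])) {
    try {
        $description = validatePageDescription((string) $_POST['pagedes']);
        // Parameterised update; $dbh is an assumed PDO connection.
        $stmt = $dbh->prepare('UPDATE tblpage SET PageDescription = :d WHERE PageType = :t');
        $stmt->execute([':d' => $description, ':t' => 'aboutus']);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit(encodeForHtml($e->getMessage()));
    }
}

// Defence in depth: block inline scripts even if an encoding call is missed.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
$row = $dbh->query("SELECT PageDescription FROM tblpage WHERE PageType = 'aboutus'")
           ->fetch(PDO::FETCH_ASSOC);
$description = $row['PageDescription'] ?? '';
?>
<!-- The unsafe pattern this replaces is echoing $description unencoded. -->
<textarea name="pagedes"><?= encodeForHtml($description) ?></textarea>
<!-- Encode first, then nl2br, so only the inserted <br> tags are live markup. -->
<div class="about"><?= nl2br(encodeForHtml($description)) ?></div>
```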
CVE-2024-13080 is a cross-site scripting (XSS) vulnerability in PHPGurukul Land Record System version 1.0, allowing attackers to inject malicious scripts via the 'Page Description' parameter.
You are affected if you are using PHPGurukul Land Record System version 1.0. Check your version and upgrade immediately.
Upgrade to version 1.0.1. If immediate upgrade is not possible, implement input validation and output encoding on the 'Page Description' parameter.
While no active exploitation campaigns are confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the PHPGurukul website or security advisories for the official advisory regarding CVE-2024-13080.