Nscerol

Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue concerns a Cross Site Scripting (XSS) problem. It occurs in the /admin/add-brand.php endpoint via the `brandname` parameter. This allows for potential malicious script injection. Recommendations: For Phpgurukul Vehicle Record Management System version 1.0, consider validating and sanitizing the `brandname` parameter in the /admin/add-brand.php endpoint to prevent XSS attacks. As a temporary workaround, restrict access to the /admin/add-brand.php endpoint until a proper fix is applied.

Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue concerns a Cross Site Scripting (XSS) vulnerability. It affects the `/edit-brand.php` endpoint, specifically when the `bid` parameter, represented as `{brandId}`, is used. This allows for potential malicious script injection. Recommendations: For Phpgurukul Vehicle Record Management System version 1.0, consider restricting access to the `/edit-brand.php` endpoint until a patch is available. As a temporary workaround, avoid using the `bid` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue concerns a Cross Site Scripting (XSS) problem. It affects the /admin/profile.php endpoint through the `name`, `email`, and `mobile` parameters. Recommendations: For Phpgurukul Vehicle Record Management System version 1.0, consider disabling access to the /admin/profile.php endpoint until a fix is available. As a temporary workaround, restrict the use of the `name`, `email`, and `mobile` parameters in this endpoint to minimize the risk of exploitation.