CVE-2024-51099

Name of the Vulnerable Software and Affected Versions PHPGURUKUL Medical Card Generation System version 1.0

Description A reflected cross-site scripting (XSS) issue exists in the mcgs/download-medical-cards.php component, allowing attackers to execute arbitrary code in the context of a user's browser. This is achieved by injecting a crafted payload into the searchdata parameter.

Recommendations For PHPGURUKUL Medical Card Generation System version 1.0, consider restricting access to the mcgs/download-medical-cards.php component until a patch is available. As a temporary workaround, avoid using the searchdata parameter in the affected component to minimize the risk of exploitation.