CVE-2024-44647

Name of the Vulnerable Software and Affected Versions PHPGurukul Small CRM version 3.0

Description PHPGurukul Small CRM version 3.0 is susceptible to Cross Site Scripting (XSS). The issue is located in the aremark parameter of the ‘manage-tickets.php’ file. Exploitation occurs through manipulation of this parameter, potentially allowing attackers to inject malicious scripts.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the aremark parameter in the ‘manage-tickets.php’ file to prevent the execution of malicious scripts.