PT-2025-6072 · Unknown · Phpgurukul Small Crm

Published: 2025-02-10 · Updated: 2025-02-13 · CVE-2024-48170

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PHPGurukul Small CRM version 3.0

Description

The issue is a Cross-Site Scripting (XSS) vulnerability triggered by a crafted payload injected into the name in profile.php, which allows potential malicious script execution.

Recommendations

For PHPGurukul Small CRM version 3.0, consider disabling the profile.php functionality until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the profile.php page to minimize the risk of exploitation. Avoid using the name variable in the profile.php page until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-48170

Affected Products

Phpgurukul Small Crm