CVE-2024-51222

Name of the Vulnerable Software and Affected Versions Phpgurukul Vehicle Record Management System version 1.0

Description The software contains a stored cross-site scripting issue in the /admin/profile.php component. An attacker can inject a crafted payload into the Name parameter, potentially leading to the execution of arbitrary web scripts or HTML.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the Name parameter to prevent the injection of malicious scripts. Restrict access to the /admin/profile.php component to minimize the risk of exploitation.