LeakyCreds

CVE-2024-51225 - Vulnerability Analysis

Medium | CVSS: 4.8

Last Updated: March 24, 2026

Phpgurukul Vehicle Record Management System - Stored XSS

Published: March 23, 2026 | Updated: March 24, 2026 | PoC Available | Remote Exploitable

Overview

Phpgurukul Vehicle Record Management System v1.0 contains a stored cross-site scripting (XSS) vulnerability caused by improper sanitization of the brandname parameter in /admin/add-brand.php, which lets attackers execute arbitrary scripts via crafted payload injection.

Severity & Score

Severity: Medium
CVSS Score: 4.8

Impact

Attackers can execute arbitrary scripts in users' browsers, potentially stealing cookies or performing actions on behalf of users.

Mitigation

Update to the latest version with proper input sanitization or apply patches to sanitize the brandname parameter.
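
One way to apply the sanitization described above, shown as an added example that is not the vendor's patch or code from the application. Only the field name `brandname` comes from this advisory; the helper names, the 64-character limit, the allowed character set and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: allow-list validation of the brand name on input.
// The character set and the 64-character limit are assumptions.
function validate_brandname(string $raw): ?string
{
    $name = trim($raw);
    // Letters, digits, spaces and a few punctuation marks used in brand names.
    if (!preg_match('/^[\p{L}\p{N} .&\'-]{1,64}$/u', $name)) {
        return null;
    }
    return $name;
}

// Hypothetical helper: encode for an HTML element or attribute context.
// Stored XSS needs the value to reach the page unencoded, so this is
// applied on every render, including for rows stored before the fix.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical render step for one row of a brand list.
function render_brand_cell(string $stored): string
{
    return '<td>' . h($stored) . '</td>';
}

// Constructed sample inputs, standing in for $_POST['brandname'].
$samples = ['Toyota', "Mercedes-Benz", '<b>Acme</b>', 'Acme "Motors"'];

foreach ($samples as $raw) {
    $clean = validate_brandname($raw);
    if ($clean === null) {
        // Rejected on input; the echo in the error message is encoded too.
        echo 'rejected: ', h($raw), PHP_EOL;
        continue;
    }
    // Store $clean with a prepared statement (not shown), then render it.
    echo render_brand_cell($clean), PHP_EOL;
}
```

Validation narrows what gets stored, but the output encoding in `h()` is what prevents markup in an existing row from being interpreted by the browser.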

Details

CVE ID: CVE-2024-51225
Severity: Medium
CVSS Score: 4.8
Type: stored_xss
Status: confirmed

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N