CVE-2024-51226 - Vulnerability Analysis
Medium | CVSS: 6.1 | Last Updated: March 24, 2026
Phpgurukul Vehicle Record Management System - Stored XSS
Published: March 23, 2026 | Updated: March 24, 2026 | PoC Available | Remote Exploitable
Overview
Phpgurukul Vehicle Record Management System v1.0 contains a stored XSS vulnerability caused by improper sanitization of the Search parameter in /admin/search-vehicle.php. Attackers can execute arbitrary scripts by injecting a crafted payload.
Severity & Score
Severity: Medium
CVSS Score: 6.1
Impact
Attackers can execute arbitrary scripts in users' browsers, potentially stealing cookies or performing actions on behalf of users.
Mitigation
Update to the latest version with proper input sanitization and output encoding.
Details
- CVE ID: CVE-2024-51226
- Severity: Medium
- CVSS Score: 6.1
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N