CVE-2024-51209

MEDIUM

Client Management System 1.2 - Stored Cross-Site Scripting via Search Input Field

Title source: llm

Description

Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page.

References (2)

Core 2

Core References

Exploit

https://gist.github.com/Esquirez/0c41e0279ca11d9bfc52c3938041d935

Product

https://phpgurukul.com/client-management-system-using-php-mysql/

Scores

CVSS v3 5.4

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

phpgurukul/client_management_system 1.2

Published Nov 20, 2024

Tracked Since Feb 18, 2026