CVE-2024-3084 - OpenCVE

A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md
https://vuldb.com/?ctiid.258677
https://vuldb.com/?id.258677
https://vuldb.com/?submit.306957

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-03-30T07:31:04.348Z

Updated: 2024-08-01T19:32:42.624Z

Reserved: 2024-03-29T14:27:01.981Z

Link: CVE-2024-3084

Vulnrichment

Updated: 2024-08-01T19:32:42.624Z

NVD

Status : Awaiting Analysis

Published: 2024-03-30T08:15:07.510

Modified: 2024-05-17T02:39:42.520

Link: CVE-2024-3084

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3084", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-03-29T14:27:01.981Z", "datePublished": "2024-03-30T07:31:04.348Z", "dateUpdated": "2024-08-01T19:32:42.624Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-30T07:31:04.348Z"}, "title": "PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Emergency Ambulance Hiring Portal", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Hire an Ambulance Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Hire an Ambulance Page. Dank Manipulation des Arguments Patient Name/Relative Name/Relative Phone Number/City/State/Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-03-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-03-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-03-29T15:32:32.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dhabaleshwar (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.258677", "name": "VDB-258677 | PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.258677", "name": "VDB-258677 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.306957", "name": "Submit #306957 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "phpgurukul", "product": "emergency_ambulance_hiring_portal", "cpes": ["cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T15:09:26.747242Z", "id": "CVE-2024-3084", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T18:14:38.183Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.624Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.258677", "name": "VDB-258677 | PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.258677", "name": "VDB-258677 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.306957", "name": "Submit #306957 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.258677", "name": "VDB-258677 | PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.258677", "name": "VDB-258677 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.306957", "name": "Submit #306957 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.624Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3084", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-12T15:09:26.747242Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"], "vendor": "phpgurukul", "product": "emergency_ambulance_hiring_portal", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T15:30:24.099Z"}}], "cna": {"title": "PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "dhabaleshwar (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "PHPGurukul", "modules": ["Hire an Ambulance Page"], "product": "Emergency Ambulance Hiring Portal", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-03-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-03-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-03-29T15:32:32.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.258677", "name": "VDB-258677 | PHPGurukul Emergency Ambulance Hiring Portal Hire an Ambulance Page cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.258677", "name": "VDB-258677 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.306957", "name": "Submit #306957 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Hire an Ambulance Page. Dank Manipulation des Arguments Patient Name/Relative Name/Relative Phone Number/City/State/Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-30T07:31:04.348Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3084", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.624Z", "dateReserved": "2024-03-29T14:27:01.981Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-03-30T07:31:04.348Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Emergency Ambulance Hiring Portal 1.0. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del componente Hire an Ambulance Page. La manipulaci\u00f3n del argumento Patient Name/Relative Name/Relative Phone Number/City/State/Message conduce a cross-site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-258677."}], "id": "CVE-2024-3084", "lastModified": "2024-05-17T02:39:42.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-03-30T08:15:07.510", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.258677"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.258677"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.306957"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}