Description
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
Published: 2026-03-23
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting (XSS)
Action: Apply Patch
AI Analysis

Impact

A stored cross‑site scripting vulnerability in the /admin/profile.php component allows attackers to inject crafted payloads into the Name parameter. The injected code is saved and later rendered to users, enabling the execution of arbitrary web scripts or HTML. This can lead to session hijacking, defacement, or phishing attacks against users who view the affected page. The weakness is classified as CWE‑79 (improper neutralization of input during web page generation): the stored Name value is not neutralized before it is rendered.

Affected Systems

Phpgurukul Vehicle Record Management System version 1.0 is affected. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not included in the CISA KEV catalog. Based on the description, the likely attack vector is a crafted HTTP request that injects a payload into the Name field, which is then stored and displayed to other users. The attack requires write access to the Name field, possibly through authenticated use of the admin interface.

Generated by OpenCVE AI on March 24, 2026 at 19:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official vendor patch or upgrade to a later version that resolves the stored XSS flaw.
  • If a patch is unavailable, modify the handling of the Name field so that the value is sanitized or encoded before it is rendered.
  • Implement a web‑application firewall rule that blocks or filters malicious scripts in user input.
  • Maintain an updated inventory of affected systems and periodically verify that the mitigation remains effective.


Advisories

No advisories yet.

History

Wed, 25 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
Title | | Stored Cross‑Site Scripting in Vehicle Record Management System via Profile Component

Tue, 24 Mar 2026 18:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:phpgurukul:vehicle_record_management_system:1.0:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Phpgurukul; Phpgurukul vehicle Record Management System
Vendors & Products | | Phpgurukul; Phpgurukul vehicle Record Management System

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-79
Metrics | | cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-23T16:49:45.911Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51222

Vulnrichment

Updated: 2026-03-23T16:49:43.179Z

NVD

Status: Analyzed

Published: 2026-03-23T16:16:31.470

Modified: 2026-03-24T18:18:59.577

Link: CVE-2024-51222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:50:17Z

Weaknesses