Description
A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter.
Published: 2026-03-23
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting (XSS) enabling arbitrary script execution in a user’s browser
Action: Immediate Patch
AI Analysis

Impact

A stored cross‑site scripting flaw resides in the /admin/search-vehicle.php page of Phpgurukul Vehicle Record Management System version 1.0. The flaw allows attackers to inject malicious scripts via the Search parameter; those scripts are stored and later rendered by the server without escaping. When an administrator or any user views the search results, the browser interprets the injected code, potentially compromising session cookies, defacing the interface, or exfiltrating data. This weakness falls under CWE‑79, a typical stored input injection problem.

Affected Systems

The vulnerability affects installations of Phpgurukul Vehicle Record Management System 1.0. Only systems running that exact version with access to the admin search feature are affected.

Risk and Exploitability

The CVSS base score of 6.1 indicates medium severity. The EPSS score of less than 1% suggests exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog, meaning there are no publicly known exploits yet. An attack likely requires access to the admin interface; if the interface is publicly reachable or an attacker can gain credentials, the stored script could be executed whenever a user loads the search results. If the admin area is well protected, the risk depends on the strength of authentication and the potential for credential compromise.

Generated by OpenCVE AI on March 24, 2026 at 20:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or upgrade to a newer version of the Vehicle Record Management System
  • Ensure all user‑supplied input, especially the Search field in /admin/search-vehicle.php, is properly sanitized or encoded before being displayed
  • Restrict the admin search page to authorized administrators and enforce strong authentication

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
Title | | Stored XSS in Vehicle Record Management System Search Feature

Tue, 24 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:phpgurukul:vehicle_record_management_system:1.0:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Phpgurukul; Phpgurukul vehicle Record Management System
Vendors & Products | | Phpgurukul; Phpgurukul vehicle Record Management System

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-79
Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-23T16:53:18.599Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51226

Vulnrichment

Updated: 2026-03-23T16:52:52.291Z

NVD

Status: Analyzed

Published: 2026-03-23T16:16:31.930

Modified: 2026-03-24T18:10:37.880

Link: CVE-2024-51226

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:50:13Z

Weaknesses