cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41333,https://securityvulnerability.io/vulnerability/CVE-2024-41333,Reflected Cross-Site Scripting Vulnerability in Phpgurukul Tourism Management System,"A reflected cross-site scripting (XSS) vulnerability has been identified in the Phpgurukul Tourism Management System v2.0. This vulnerability permits attackers to inject malicious payloads through the 'uname' parameter, enabling them to execute arbitrary code within the context of a victim's browser. Exploiting this flaw could allow unauthorized access to sensitive user information and facilitate further attacks. Implementing input validation and output encoding measures could mitigate this risk and protect user data.",PHPgurukul,Tourism Management System,6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2024-08-06T16:15:00.000Z,0
CVE-2024-1822,https://securityvulnerability.io/vulnerability/CVE-2024-1822,Cross Site Scripting Vulnerability in User-Bookings.php Could Lead to Remote Exploitation,"A security flaw has been identified within the user-bookings.php file of the PHPGurukul Tourism Management System 1.0. This vulnerability enables attackers to inject malicious scripts through the Full Name argument, resulting in cross-site scripting (XSS). By leveraging this vulnerability, an attacker can execute arbitrary scripts in the context of the victim's browser, which may lead to unauthorized access to sensitive information or perform actions on behalf of the user without their consent. The issue can be exploited remotely, making it imperative for users and administrators to address this weakness promptly.",PHPgurukul,Tourism Management System,6.1,MEDIUM,0.0012499999720603228,false,,false,false,true,2024-02-23T15:31:05.000Z,true,false,false,,2024-02-23T15:31:05.339Z,0
CVE-2022-30930,https://securityvulnerability.io/vulnerability/CVE-2022-30930,Cross Site Request Forgery in Tourism Management System Version 3.2,"The Tourism Management System, specifically version 3.2, is susceptible to a Cross Site Request Forgery (CSRF) vulnerability. This security flaw allows attackers to manipulate the legitimate user's actions without their consent, posing a risk to the integrity and confidentiality of user data. This vulnerability emphasizes the necessity of implementing robust anti-CSRF mechanisms to safeguard web applications against unauthorized actions and potential data breaches.",PHPgurukul,Tourism Management System,4.3,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2022-06-14T16:08:42.000Z,0
CVE-2020-28136,https://securityvulnerability.io/vulnerability/CVE-2020-28136,Arbitrary File Upload Vulnerability in SourceCodester Tourism Management System,"The SourceCodester Tourism Management System version 1.0 is affected by an Arbitrary File Upload vulnerability that enables users to execute remote code through the insecure page admin/create-package.php. This flaw allows potential attackers to upload malicious files, leading to unauthorized access and system compromise. Proper security measures must be taken to mitigate this vulnerability to protect the integrity and security of the software.",PHPgurukul,Tourism Management System,8.8,HIGH,0.008100000210106373,false,,false,false,false,,,false,false,,2020-11-17T19:06:21.000Z,0