PHPGurukul Emergency Ambulance Hiring Portal 1.0 Add Ambulance Page /admin/add-ambulance.php Ambulance Reg No/Driver Name cross site scripting

EntryHistoryjsonxmlCTI

A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was presented 03/29/2024. It is possible to read the advisory at github.com. The identification of this vulnerability is CVE-2024-3090. The attack may be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as proof-of-concept. The exploit is available at github.com. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	03/29/2024 15:32	05/08/2024 01:52	05/08/2024 01:59
price_0day	$0-$5k	$0-$5k	$0-$5k
vendor	PHPGurukul	PHPGurukul	PHPGurukul
name	Emergency Ambulance Hiring Portal	Emergency Ambulance Hiring Portal	Emergency Ambulance Hiring Portal
version	1.0	1.0	1.0
component	Add Ambulance Page	Add Ambulance Page	Add Ambulance Page
file	/admin/add-ambulance.php	/admin/add-ambulance.php	/admin/add-ambulance.php
argument	Ambulance Reg No/Driver Name	Ambulance Reg No/Driver Name	Ambulance Reg No/Driver Name
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md	https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md	https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md
availability	1	1	1
publicity	1	1	1
url	https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md	https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md	https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md
cve	CVE-2024-3090	CVE-2024-3090	CVE-2024-3090
responsible	VulDB	VulDB	VulDB
date	1711666800 (03/29/2024)	1711666800 (03/29/2024)	1711666800 (03/29/2024)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	H	H	H
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	2.4
cvss3_meta_tempscore	2.2	2.2	2.3
cvss4_vuldb_bscore	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0
cve_assigned		1711666800 (03/29/2024)	1711666800 (03/29/2024)
cve_nvd_summary		A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.	A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			M
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			3.3
cvss3_cna_basescore			2.4

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!