| タイトル | PHPGurukul Car Rental Project V 3.0 a cross-site scripting (XSS) |
|---|
| 説明 | During the security assessment of "Car Rental Project in PHP and Mysql", a cross-site scripting (XSS) vulnerability was identified in " /carrental/search.php".
The vulnerability arises from insufficient sanitization of the "autofocus" parameter, which allows attackers to inject and execute malicious scripts in the browser of a victim visiting the affected page.
Depending on the authentication requirements, this issue could affect both unauthenticated visitors and authenticated users, including administrators. |
|---|
| ソース | ⚠️ https://github.com/tddgns/cve/issues/1 |
|---|
| ユーザー | tddgns (UID 90187) |
|---|
| 送信 | 2025年09月14日 10:09 (7 月 ago) |
|---|
| モデレーション | 2025年09月21日 11:24 (7 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 325151 [PHPGurukul Car Rental Project 3.0 /carrental/search.php autofocus クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|