Submit #654067: PHPGurukul Car Rental Project V 3.0 a cross-site scripting (XSS)info

TitlePHPGurukul Car Rental Project V 3.0 a cross-site scripting (XSS)
DescriptionDuring the security assessment of "Car Rental Project in PHP and Mysql", a cross-site scripting (XSS) vulnerability was identified in " /carrental/search.php". The vulnerability arises from insufficient sanitization of the "autofocus" parameter, which allows attackers to inject and execute malicious scripts in the browser of a victim visiting the affected page. Depending on the authentication requirements, this issue could affect both unauthenticated visitors and authenticated users, including administrators.
Source⚠️ https://github.com/tddgns/cve/issues/1
User
 tddgns (UID 90187)
Submission09/14/2025 10:09 (7 months ago)
Moderation09/21/2025 11:24 (7 days later)
StatusAccepted
VulDB entry325151 [PHPGurukul Car Rental Project 3.0 /carrental/search.php autofocus cross site scripting]
Points20

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!