{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-51222", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T16:49:45.911Z", "dateReserved": "2024-10-28T00:00:00.000Z", "datePublished": "2026-03-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-23T15:22:22.669Z"}, "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Buckdray/vulnerability-research"}, {"url": "https://github.com/Buckdray/vulnerability-research/tree/main/CVE-2024-51222"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:49:09.155810Z", "id": "CVE-2024-51222", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:49:45.911Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-51222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:49:09.155810Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:49:43.179Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Buckdray/vulnerability-research"}, {"url": "https://github.com/Buckdray/vulnerability-research/tree/main/CVE-2024-51222"}], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-23T15:22:22.669Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51222", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:49:45.911Z", "dateReserved": "2024-10-28T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:vehicle_record_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6AE144F-2A5F-4F48-899F-732293FA1DB6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en el componente /admin/profile.php del sistema de gesti\u00f3n de registros de veh\u00edculos Phpgurukul v1.0 permite a los atacantes ejecutar scripts web o c\u00f3digo HTML arbitrarios mediante la inyecci\u00f3n de una carga maliciosa en el par\u00e1metro Name."}], "id": "CVE-2024-51222", "lastModified": "2026-03-24T18:18:59.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-23T16:16:31.470", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/Buckdray/vulnerability-research"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/Buckdray/vulnerability-research/tree/main/CVE-2024-51222"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "vehicle_record_management_system", "vendor": "phpgurukul"}], "analysis": {"en": {"generated_at": "2026-03-24T19:31:04.947957+00:00", "value": {"mitigation_remediation": ["Apply an official vendor patch or upgrade to a later version that resolves the stored XSS flaw.", "If a patch is unavailable, modify the input handling for the Name field to sanitize or encode all output before rendering.", "Implement a web\u2011application firewall rule that blocks or filters malicious scripts in user input.", "Maintain an updated inventory of affected systems and periodically verify that the mitigation remains effective."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "Phpgurukul Vehicle Record Management System version 1.0 is affected. No other vendors or products are listed as impacted.", "description_and_impact": "A stored cross\u2011site scripting vulnerability in the admin/profile.php component allows attackers to inject crafted payloads into the Name parameter. The injected code is saved and later rendered to users, enabling the execution of arbitrary web scripts or HTML. This can lead to session hijacking, defacement, or phishing attacks against users who view the affected page. The weakness is identified as CWE\u201179, indicating improper input validation and output encoding.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not included in the CISA KEV catalog. Based on the description, the likely attack vector is a crafted HTTP request that injects a payload into the Name field, which is then stored and displayed to other users. The attack requires a write\u2011access to the Name field, possibly through authenticated use of the admin interface."}}}}, "created": "2026-03-24T10:35:08.388368+00:00", "title": "Stored Cross\u2011Site Scripting in Vehicle Record Management System via Profile Component", "updated": "2026-03-25T14:50:17.759164+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$vehicle_record_management_system"]}