Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-31897

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Jun, 2022 | 00:41
Updated At-03 Aug, 2024 | 07:26
Rejected At-
Credits

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Jun, 2022 | 00:41
Updated At:03 Aug, 2024 | 07:26
Rejected At:
▼CVE Numbering Authority (CNA)

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sourcecodester.com
x_refsource_MISC
https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
x_refsource_MISC
Hyperlink: http://sourcecodester.com
Resource:
x_refsource_MISC
Hyperlink: https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sourcecodester.com
x_refsource_MISC
x_transferred
https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
x_refsource_MISC
x_transferred
Hyperlink: http://sourcecodester.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Jun, 2022 | 01:15
Updated At:14 Nov, 2023 | 20:19

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
PHPGurukul LLP
phpgurukul
>>zoo_management_system>>1.0
cpe:2.3:a:phpgurukul:zoo_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://sourcecodester.comcve@mitre.org
Vendor Advisory
https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://sourcecodester.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

17621Records found
CVE-2025-7817
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 11:32
Updated-29 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-reports.php cross site scripting

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /bwdates-reports.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-26304
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 40.00%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 01:48
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-daily_expense_tracker_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-7857
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 22:44
Updated-29 Jul, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-passreports-details.php cross site scripting

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file bwdates-passreports-details.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-28456
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-0.65% / 69.98%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:00
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form.

Action-Not Available
Vendor-n/aCampCodesPHPGurukul LLP
Product-online_marriage_registration_systemn/aonline_marriage_registration_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-7818
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 12:02
Updated-29 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request category.php cross site scripting

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /category.php of the component HTTP POST Request Handler. The manipulation of the argument categoryname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7856
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 21:14
Updated-29 Jul, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request pass-details.php cross site scripting

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pass-details.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7924
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 11:02
Updated-29 Jul, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Banquet Booking System admin-profile.php cross site scripting

A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_banquet_booking_systemOnline Banquet Booking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7942
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 22:02
Updated-29 Jul, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Taxi Stand Management System admin-profile.php cross site scripting

A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-auto\/taxi_stand_management_systemTaxi Stand Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7816
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 10:32
Updated-29 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request visitor-detail.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Apartment Visitors Management System 1.0. Affected is an unknown function of the file /visitor-detail.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7802
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 19:02
Updated-29 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Complaint Management System complaint-search.php cross site scripting

A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-complaint_management_systemComplaint Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-6287
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.63%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 23:31
Updated-26 Jun, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul COVID19 Testing Management System Take Action test-details.php cross site scripting

A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-covid19_testing_management_systemCOVID19 Testing Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-45007
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 00:00
Updated-09 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-time_table_generator_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-7815
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 7.03%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 09:32
Updated-29 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request manage-newvisitors.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the file /manage-newvisitors.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7941
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 21:32
Updated-29 Jul, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Time Table Generator System profile.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Time Table Generator System 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-time_table_generator_systemTime Table Generator System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7926
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 13:32
Updated-29 Jul, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Banquet Booking System booking-search.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_banquet_booking_systemOnline Banquet Booking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7858
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 23:44
Updated-29 Jul, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request admin-profile.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Apartment Visitors Management System 1.0. This affects an unknown part of the file /admin-profile.php of the component HTTP POST Request Handler. The manipulation of the argument adminname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7767
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 00:02
Updated-29 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System edit-art-medium-detail.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/edit-art-medium-detail.php. The manipulation of the argument artmed leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-art_gallery_management_systemArt Gallery Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7819
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 7.03%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 12:14
Updated-29 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System HTTP POST Request create-pass.php cross site scripting

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /create-pass.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13075
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 17:31
Updated-06 Jan, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System add-propertytype.php cross site scripting

A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13076
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 18:00
Updated-06 Jan, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System edit-propertytype.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13077
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 18:31
Updated-06 Jan, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System add-property.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/add-property.php. The manipulation of the argument Land Subtype leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13074
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.76%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 16:24
Updated-03 Apr, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System index.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13083
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 21:31
Updated-06 Jan, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System admin-profile.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument Admin Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13080
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 20:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System aboutus.php cross site scripting

A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13081
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 20:31
Updated-06 Jan, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Land Record System contactus.php cross site scripting

A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-land_record_systemLand Record System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11675
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.41%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 00:00
Updated-04 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting

A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeAstroPHPGurukul LLP
Product-hospital_management_systemHospital Management Systemhospital_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10753
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 02:00
Updated-06 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal dom_data_two_headers.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10807
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 29.53%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 01:00
Updated-06 Nov, 2024 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Hospital Management System search.php cross site scripting

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anujkumarPHPGurukul LLP
Product-hospital_management_systemHospital Management Systemhospital_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10806
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 29.53%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 00:31
Updated-06 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anujkumarPHPGurukul LLP
Product-hospital_management_systemHospital Management Systemhospital_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10768
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.12%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 18:31
Updated-06 Nov, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal two_tables.php cross site scripting

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10191
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.91%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 05:31
Updated-22 Oct, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-boat_booking_systemBoat Booking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10192
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.70%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:00
Updated-22 Oct, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul IFSC Code Finder Project search.php cross site scripting

A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-ifsc_code_finderIFSC Code Finder Project
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10414
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.82%
||
7 Day CHG+0.02%
Published-27 Oct, 2024 | 10:31
Updated-29 Oct, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Vehicle Record System edit-brand.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "phone_number" to be affected. But this might be a mistake because the textbox field label is "Brand Name".

Action-Not Available
Vendor-PHPGurukul LLP
Product-vehicle_record_systemVehicle Record Systemvehicle_record_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12982
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 13.70%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 06:00
Updated-03 Apr, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross site scripting

A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-blood_bank_\&_donor_management_systemBlood Bank & Donor Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-0652
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:31
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Company Visitor Management System search-visitor.php cross site scripting

A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-company_visitor_management_systemCompany Visitor Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0476
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-13 Jan, 2024 | 05:31
Updated-03 Jun, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blood Bank & Donor Management request-received-bydonar.php cross site scripting

A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-blood_bank_\&_donor_management_systemBlood Bank & Donor Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7173
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-9.03% / 92.30%
||
7 Day CHG~0.00%
Published-30 Dec, 2023 | 11:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Hospital Management System registration.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-hospital_management_systemHospital Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7054
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 35.13%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 02:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System add-notes.php unrestricted upload

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7050
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.19% / 41.20%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 21:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System profile.php cross site scripting

A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6442
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 21:00
Updated-10 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php cross site scripting

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-nipah_virus_testing_management_systemNipah Virus Testing Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-2375
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.10%
||
7 Day CHG+0.01%
Published-17 Mar, 2025 | 11:31
Updated-08 May, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Human Metapneumovirus Testing Management System Admin Profile Page profile.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argument email leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-human_metapneumovirus_testing_management_systemHuman Metapneumovirus Testing Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-2371
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.10%
||
7 Day CHG+0.01%
Published-17 Mar, 2025 | 09:31
Updated-08 May, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Human Metapneumovirus Testing Management System Registered Mobile Number Search registered-user-testing.php cross site scripting

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /registered-user-testing.php of the component Registered Mobile Number Search. The manipulation of the argument regmobilenumber leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-human_metapneumovirus_testing_management_systemHuman Metapneumovirus Testing Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-47446
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.47% / 63.84%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-pre-school_enrollment_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1816
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.19% / 41.56%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 11:30
Updated-15 Oct, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoo Management System Content Module cross site scripting

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

Action-Not Available
Vendor-unspecifiedPHPGurukul LLP
Product-zoo_management_systemZoo Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46026
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 35.33%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 00:00
Updated-03 Sep, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-teacher_subject_allocation_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-37690
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 21.46%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-maid_hiring_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41593
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.11%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-dairy_farm_shop_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44317
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-16 Dec, 2021 | 18:26
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-bus_pass_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41614
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-zoo_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33580
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.55% / 66.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-student_study_center_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 352
  • 353
  • Next
Details not found