Projectworlds Visitor Management System Add Visitor myform.php cross site scripting

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-11067

Source VulDB

Published Sep 27, 2025 at 15:32

Affected Product

Vendor Projectworlds

Product Visitor Management System

Version 1.0

Affected Versions Projectworlds Visitor Management System 1.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-27T15:32:05.299Z",
    "modified": "2025-09-27T15:32:05.299Z",
    "type": "cve",
    "title": "Projectworlds Visitor Management System Add Visitor myform.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326106\nhttps://vuldb.com/?ctiid.326106\nhttps://vuldb.com/?submit.659652\nhttps://github.com/tddgns/cve/issues/2",
    "id": "CVE-2025-11067",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Projectworlds Visitor Management System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Visitor Management System",
    "version": "1.0",
    "vendor": "Projectworlds",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Projectworlds Visitor Management System Add Visitor myform.php cross site scripting_CVE-2025-11067