CVE Details
Basic Information
| Title | PHPGurukul Bus Pass Management System Profile Page admin-profile.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-20T00:00:20.793Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Bus Pass Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability was discovered in the PHPGurukul Bus Pass Management System version 1.0. This issue affects the profile name argument on the admin profile page, allowing remote attackers to inject malicious scripts. |
|---|---|
| AI Severity | Medium |
| Vendor | PHPGurukul |
| Product | Bus Pass Management System |
| Affected Version | 1.0 |
Affected Products
- PHPGurukul Bus Pass Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely.