PHPGurukul Online Banquet Booking System admin-profile.php cross site scripting

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title PHPGurukul Online Banquet Booking System admin-profile.php cross site scripting
Type cve
Published 2025-07-21T11:02:07.605Z
Modified 2025-07-21T11:02:07.605Z

Product Information

Vendor PHPGurukul
Product Online Banquet Booking System
Version 1.0

CVSS Information

Base Score 5.1 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

AI Analysis

AI Description A cross-site scripting (XSS) vulnerability in PHPGurukul’s Online Banquet Booking System version 1.0 allows remote attackers to inject malicious scripts via the adminname argument in admin-profile.php. This could enable session hijacking or unauthorized actions. The vulnerability is publicly disclosed and exploitable.
AI Severity Medium
AI Vendor PHPGurukul
AI Product Online Banquet Booking System
AI Version 1.0

Affected Products

  • PHPGurukul Online Banquet Booking System 1.0

Additional Information

CWE List CWE-79, CWE-94
Source VulDB

Description

A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.