CVE-2025-45007

Sažetak

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.

Reference

https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Time-Table-Generator-System/xss-injection.md
https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Time-Table-Generator-System/xss-injection.md

CVSS

Base:	4.8
Impact:	2.7
Exploitability:	1.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

09-05-2025 - 13:45

Objavljeno

30-04-2025 - 13:15