| عنوان | PHPGurukul Directory Management System V2.0 cros |
|---|
| الوصف | During the security assessment of the "Directory Management System", I identified a critical Cross Site Scripting (XSS) vulnerability in the "/admin/add-directory.php" file. This vulnerability stems from the insufficient sanitization of user input provided through the "fullname" parameter. Due to this weakness, attackers can inject malicious JavaScript code that is subsequently executed in the context of other users’ browsers. Exploiting this flaw could lead to session hijacking, unauthorized operations, and leakage of sensitive information. Immediate remediation measures are necessary to protect user data, prevent privilege escalation, and maintain the integrity of the system. |
|---|
| المصدر | ⚠️ https://github.com/xiguala123/myCVE/issues/10 |
|---|
| المستخدم | xiguala123 (UID 84472) |
|---|
| ارسال | 19/08/2025 03:45 AM (8 أشهر منذ) |
|---|
| الاعتدال | 29/08/2025 09:05 AM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 321864 [PHPGurukul Directory Management System 2.0 /admin/add-directory.php fullname البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|