Submeter #592638: PHPGurukul Rail Pass Management System V1.0 Cross Site Scriptinginformação

Título	PHPGurukul Rail Pass Management System V1.0 Cross Site Scripting
Descrição	During the security assessment of "Rail Pass Management System", I detected a critical Cross-Site Scripting vulnerability in the "/rpms/admin/aboutus.php" file. This vulnerability is attributed to the insufficient sanitization and validation of user input for the "pagedes" parameter.When somebody do this XSS attattack in admin management "/rpms/admin/aboutus.php",anyone who look through this website in the "About",the cookie will be stolen by others. This inadequacy enables attackers to inject malicious JavaScript payloads that execute within the context of the application domain. Consequently, attackers can compromise user accounts, steal sensitive information, and manipulate application functionality. Immediate corrective actions are essential to safeguard user security and maintain trust.
Fonte	⚠️ https://github.com/kakalalaww/CVE/issues/11
Utilizador	kakalalaww (UID 86294)
Submissão	08/06/2025 10h50 (há 1 Ano)
Moderação	15/06/2025 12h33 (7 days later)
Estado	Aceite
Entrada VulDB	312594 [PHPGurukul Rail Pass Management System 1.0 /admin/aboutus.php pagedes Script de Site Cruzado]
Pontos	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!