| Название | phpgurukul employee-record-management-system V1.3 Cross Site Scripting |
|---|
| Описание | During a security assessment of employee-record-management-system, a critical Cross-site Scripting (XSS) vulnerability was discovered in the /myprofile.php file. This vulnerability is attributed to the insufficient output encoding of user-supplied input for the First name parameter. This allows attackers to inject malicious client-side scripts. When other users visit the page containing the malicious script, it executes within their browser, potentially leading to session hijacking, data theft, or page defacement. Immediate corrective action is essential to safeguard the system and its users. |
|---|
| Источник | ⚠️ https://github.com/tiancesec/CVE/issues/2 |
|---|
| Пользователь | tiancesec (UID 90883) |
|---|
| Представление | 25.09.2025 15:50 (7 месяцы назад) |
|---|
| Модерация | 27.09.2025 19:32 (2 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 326193 [PHPGurukul Employee Record Management System 1.3 /myprofile.php First name межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|