Submit #515347: PHPGurukul Human Metapneumovirus (HMPV) – Testing Management System 1.0 Cross Site Scripting

Title: PHPGurukul Human Metapneumovirus (HMPV) – Testing Management System 1.0 Cross Site Scripting
Description: There is a Cross-Site Scripting (XSS) vulnerability on the `registered-user-testing.php` page. Although the front-end restricts the `regmobilenumber` input to numbers only, the back-end fails to validate, filter, or encode the output of this parameter. Attackers can construct a malicious URL by setting the `regmobilenumber` parameter to `<script>alert("xss")</script>` and adding `search=Search` to simulate a search, bypassing the front-end restriction. When users visit the URL with these malicious parameters, the page will execute the script, triggering an "xss" alert box. This high-risk vulnerability allows attackers to create sophisticated malicious scripts to steal users' session credentials and login information, redirect the page to malicious websites, or perform other malicious actions, severely threatening user privacy and system security.
Source: https://github.com/sorcha-l/cve/blob/main/Human%20Metapneumovirus%20(HMPV)%20%E2%80%93%20Testing%20Management%20System%20%20XSS%20in%20registered-user-testing.php.md
User: lxk_ (UID 81990)
Submission: 03/06/2025 10:56 (1 Year ago)
Moderation: 03/16/2025 14:18 (10 days later)
Status: Accepted
VulDB entry: 299870 [PHPGurukul Human Metapneumovirus Testing Management System 1.0 Registered Mobile Number Search registered-user-testing.php regmobilenumber cross site scripting]
Points: 20
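
The two server-side controls the description reports as missing, shown as an added example (not the application's own code and not taken from the submission): the digits-only rule enforced on the server, and HTML encoding applied wherever the value is echoed. The function names, the response markup and the 1 to 15 digit length limit are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: enforce on the server the same "numbers only" rule the
// front-end applies. Returns the value if valid, null otherwise.
// The 1-15 digit length limit is an assumption, not taken from the application.
function validated_mobile(array $params): ?string
{
    $raw = $params['regmobilenumber'] ?? '';
    if (!is_string($raw) || preg_match('/\A[0-9]{1,15}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Encode a value for an HTML body or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical rendering of the search banner; the markup is assumed.
function render_search_banner(array $params): string
{
    if (!isset($params['search'])) {
        return '';
    }
    $mobile = validated_mobile($params);
    if ($mobile === null) {
        // Rejected input is never echoed back to the client.
        return '<p class="error">Invalid mobile number.</p>';
    }
    // Encode on output even though the value already passed validation.
    return '<p>Results for mobile number: ' . h($mobile) . '</p>';
}

// Constructed sample requests: one valid, one carrying the payload from the report.
$samples = [
    ['regmobilenumber' => '9876543210', 'search' => 'Search'],
    ['regmobilenumber' => '<script>alert("xss")</script>', 'search' => 'Search'],
];
foreach ($samples as $params) {
    echo render_search_banner($params), PHP_EOL;
    // Encoding alone already renders the value as inert text:
    echo h($params['regmobilenumber']), PHP_EOL;
}
```

Validation rejects the payload outright; output encoding is the control that still holds if a later code path echoes the parameter without validating it first.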
