| Title | PHPGurukul Directory Management System 2.0 Cross Site Scripting |
|---|
| Description | The POST-based XSS vulnerability in Directory Management System's search functionality allows injecting JavaScript payloads through the "searchdata" parameter. Unlike GET-based XSS, attackers must trick users into submitting a malicious form, but the severity remains critical due to modern attack vectors like:
1.Hosting malicious form on phishing pages
2.Using XMLHttpRequest to auto-submit POST data
3.Exploiting through iframe injections |
|---|
| Source | ⚠️ https://github.com/Schatten-42/MyCVE/issues/4 |
|---|
| User | -Schatten- (UID 85151) |
|---|
| Submission | 05/11/2025 16:53 (12 months ago) |
|---|
| Moderation | 05/16/2025 21:01 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 309404 [PHPGurukul Directory Management System 2.0 /searchdata.php searchdata cross site scripting] |
|---|
| Points | 20 |
|---|