CVE-2020-25761
MEDIUM
Projectworlds Visitor Management System - XSS
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks, such as stealing cookies, sensitive information, etc.
Exploits (1)
exploitdb
WORKING POC
by Rahul Ramkumar · python · webapps · php
https://www.exploit-db.com/exploits/48830
References (4)
Scores
CVSS v3
6.1
EPSS
0.0043
EPSS Percentile
62.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
projectworlds/visitor_management_system
1.0
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026