CVE-2024-25202

MEDIUM

Phpgurukul User Registration & Login and User Management System 1.0 - Stored Cross-Site Scripting via Search Bar

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25202. PoCs published by Agampreet-Singh.

AI-analyzed exploit summary This repository documents a reflected XSS vulnerability in PHPgurukul visitor management system 1.0, where the search functionality in search-result.php and search-visitor.php fails to sanitize user input. The PoC demonstrates an XSS payload triggered via the search bar.

Description

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.

Exploits (1)

nomisec WRITEUP 1 stars

by Agampreet-Singh · poc

https://github.com/Agampreet-Singh/CVE-2024-25202

View Code ZIP pw:eip

This repository documents a reflected XSS vulnerability in PHPgurukul visitor management system 1.0, where the search functionality in search-result.php and search-visitor.php fails to sanitize user input. The PoC demonstrates an XSS payload triggered via the search bar.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHPgurukul visitor management system 1.0

Auth required

Prerequisites: Access to the application · Valid session or authentication bypass via SQLi

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit

https://drive.google.com/file/d/1oMNcChsXPMP9pu9lIE2C11n8mzkmLhcY/view

Exploit, Third Party Advisory

https://github.com/Agampreet-Singh/CVE-2024-25202

Exploit, Third Party Advisory

https://medium.com/%40agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52

Scores

CVSS v3 6.1

EPSS 0.0099

EPSS Percentile 58.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (1)

phpgurukul/user_registration_\&_login_and_user_management_system 1.0

Published Feb 28, 2024

Tracked Since Feb 18, 2026