CVE-2024-25202

MEDIUM

Phpgurukul <1.0 - XSS

Title source: llm

Description

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.

Exploits (1)

nomisec WRITEUP 1 stars

by Agampreet-Singh · poc

https://github.com/Agampreet-Singh/CVE-2024-25202

View Code ZIP pw:eip

References (3)

[Exploit] https://drive.google.com/file/d/1oMNcChsXPMP9pu9lIE2C11n8mzkmLhcY/view

[Exploit, Third Party Advisory] https://github.com/Agampreet-Singh/CVE-2024-25202

[Exploit, Third Party Advisory] https://medium.com/%40agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52

Scores

CVSS v3 6.1

EPSS 0.0635

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (1)

phpgurukul/user_registration_\&_login_and_user_management_system 1.0

Published Feb 28, 2024

Tracked Since Feb 18, 2026