CVE-2025-2084

LOW

Phpgurukul Human Metapneumovirus - Code Injection

Title source: rule

Description

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry

https://vuldb.com/?id.298896

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.298896

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.514804

Exploit exploit

https://github.com/sorcha-l/cve/blob/main/Human%20Metapneumovirus%20(HMPV)%20%E2%80%93%20Testing%20Management%20System%20%20XSS%20in%20search-report.php.md

View Exploit ZIP pw:eip

Product product

https://phpgurukul.com/

Scores

CVSS v3 3.5

EPSS 0.0017

EPSS Percentile 38.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

phpgurukul/human_metapneumovirus 1.0

Published Mar 07, 2025

Tracked Since Feb 18, 2026