CVE-2026-6162

LOW

PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting

Title source: cna

Description

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/357048

[Signature, Permissions Required] https://vuldb.com/vuln/357048/cti

[Third Party Advisory] https://vuldb.com/submit/797171

[Exploit] https://github.com/f1rstb100d/CVE/issues/44

[Product] https://phpgurukul.com/

Scores

CVSS v3 3.5

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

PHPGurukul/Company Visitor Management System 2.0

Published Apr 13, 2026

Tracked Since Apr 13, 2026