exploitDog

CVE-2025-28016

Опубликовано: 30 сент. 2025

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.

Ссылки

https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/User%20Registration%20&%20Login%20and%20User%20Management%20System%20With%20admin%20panel/XSS%20njection%20-%20edit-profile.md
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:user_registration_\&_login_and_user_management_system:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00091

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4gh5-vrmm-878w

CVSS3: 4.8

github

4 месяца назад

A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.

EPSS

Процентиль: 26%

0.00091

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79