Cross-Site Scripting Vulnerability in PHPGurukul Medical Card Generation System
CVE-2025-2650

5.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Medical Card Generation System
Vendor: CVE Published:; 23 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2650?

A cross-site scripting (XSS) vulnerability has been identified in the PHPGurukul Medical Card Generation System 1.0. This issue arises from improper handling of the 'searchdata' argument within the '/download-medical-cards.php' file. The flaw allows attackers to inject malicious scripts that could be executed in the context of the user's browser. Since the exploit can be triggered remotely, it poses significant risks for users interacting with the affected system. It is essential for organizations using this product to take immediate steps to mitigate this vulnerability.

Affected Version(s)

Medical Card Generation System 1.0

References

https://vuldb.com/?id.300665

vdb-entrytechnical-description

https://vuldb.com/?ctiid.300665

signaturepermissions-required

https://vuldb.com/?submit.519781

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 23, 2025
Vulnerability published
Mar 23, 2025
Vulnerability Reserved
Mar 22, 2025

Credit

liuhao17328 (VulDB User)

PHPgurukul

Badges

What is CVE-2025-2650?

Affected Version(s)

References

CVSS V4

Timeline

Credit