Cross Site Scripting Vulnerability in PHPGurukul Online Shopping Portal by PHPGurukul
CVE-2025-57576

5.4MEDIUM

Key Information:

Vendor: PHPGurukul
Status: PHPGurukul Online Shopping Portal
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-57576?

The PHPGurukul Online Shopping Portal 2.1 has a vulnerability in the /admin/updateorder.php file that allows attackers to execute arbitrary scripts in the context of the browser session. This Cross Site Scripting (XSS) flaw can lead to unauthorized actions on behalf of a legitimate user, compromising sensitive data and potentially enabling further exploitation. It is crucial for administrators to mitigate this risk by validating user inputs and employing proper output encoding.

References

https://github.com/p0et08/DWrwq/blob/main/README.md

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Aug 17, 2025