Cross Site Scripting Vulnerability in PHPGurukul COVID19 Testing Management System
CVE-2025-6287

3.5LOW

Key Information:

Vendor: PHPGurukul
Status: COVID19 Testing Management System
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-6287?

A vulnerability has been identified in the PHPGurukul COVID19 Testing Management System 1.0, specifically within the /test-details.php file of the Take Action component. This issue arises from improper handling of user input in the remark argument, which can be manipulated to execute cross site scripting (XSS) attacks. Since this vulnerability can be exploited remotely, it poses significant risks, particularly as the exploit details have been publicly disclosed. This can allow attackers to inject malicious scripts into pages viewed by other users, potentially compromising user data and security.

References

https://phpgurukul.com/

https://vuldb.com/?ctiid.313291

https://vuldb.com/?id.313291

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025