Cross Site Scripting Vulnerability in PHPGurukul COVID19 Testing Management System
CVE-2025-6287

5.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Covid19 Testing Management System
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-6287?

A vulnerability has been identified in the PHPGurukul COVID19 Testing Management System 1.0, specifically within the /test-details.php file of the Take Action component. This issue arises from improper handling of user input in the remark argument, which can be manipulated to execute cross site scripting (XSS) attacks. Since this vulnerability can be exploited remotely, it poses significant risks, particularly as the exploit details have been publicly disclosed. This can allow attackers to inject malicious scripts into pages viewed by other users, potentially compromising user data and security.

Affected Version(s)

COVID19 Testing Management System 1.0

References

https://vuldb.com/?id.313291

vdb-entrytechnical-description

https://vuldb.com/?ctiid.313291

signaturepermissions-required

https://vuldb.com/?submit.593878

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025

PHPgurukul

What is CVE-2025-6287?

Affected Version(s)

References

CVSS V4

Timeline