Cross-Site Scripting Vulnerability in PHPGurukul Bus Pass Management System
CVE-2025-6288

2.4LOW

Key Information:

Vendor: PHPGurukul
Status: Bus Pass Management System
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-6288?

A significant cross-site scripting vulnerability exists in the PHPGurukul Bus Pass Management System, specifically within the admin profile page. This vulnerability allows attackers to manipulate the argument 'profile name' in the /admin/admin-profile.php file. If exploited, it enables attackers to inject malicious scripts, which may be executed in the context of other users’ browsers. This exposure poses a serious risk as the attack can be launched remotely, potentially compromising user data and application integrity.

References

https://phpgurukul.com/

https://vuldb.com/?ctiid.313292

https://vuldb.com/?id.313292

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025