Cross Site Scripting Vulnerability in PHPGurukul Apartment Visitors Management System
CVE-2025-7858

3.5LOW

Key Information:

Vendor: PHPGurukul
Status: Apartment Visitors Management System
Vendor: CVE Published:; 20 July 2025

What is CVE-2025-7858?

A cross site scripting vulnerability has been identified in version 1.0 of the PHPGurukul Apartment Visitors Management System. It resides within the /admin-profile.php file, specifically affecting the HTTP POST Request Handler. Attackers can manipulate the 'adminname' parameter to execute scripts in the context of the user's browser, potentially leading to unauthorized actions and data exposure. This vulnerability can be exploited remotely, and its details have been made public, increasing the likelihood of attack.

References

https://github.com/HieuGITLAB/my-cves/issues/10

https://phpgurukul.com/

https://vuldb.com/?ctiid.316971

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2025