CVE-2025-11390

PHPGurukul Cyber Cafe Management System POST Parameter search.php cross site scripting

CVSS 5.3 MEDIUMEPSS 0.3%CWE-79 CWE-94

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

PHPGurukul · Cyber Cafe Management System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/QIU-DIE/CVE/issues/4 https://phpgurukul.com/https://vuldb.com/?ctiid.327317 https://vuldb.com/?id.327317 https://vuldb.com/?submit.664984 https://vuldb.com/?submit.665028