Apartment Visitors Management System

Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows remote attackers to inject malicious scripts via the searchdata parameter in /search-visitor.php. The vulnerability requires user interaction (clicking a malicious link) but enables session hijacking, credential theft, and malware distribution. Publicly available exploit code exists; however, the low EPSS score (0.07%) and minimal scope impact suggest limited real-world exploitation pressure despite public disclosure.

Stored cross-site scripting in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the adminname parameter in /admin-profile.php, affecting other administrators who view the modified profile. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its severity despite remote network accessibility. Publicly available exploit code exists, though real-world exploitation depends on social engineering authenticated users to click malicious links or administrative interaction.

Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious JavaScript via the visname parameter in bwdates-passreports-details.php, with user interaction required. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.05%, indicating limited real-world weaponization despite disclosure.

Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the visname parameter in pass-details.php, which are then executed in the context of other users' browsers. The vulnerability requires user interaction (UI:P) but can be exploited remotely by any authenticated user with access to the HTTP POST request handler. Publicly available exploit code exists, though the low EPSS score (0.05%) and requirement for user interaction and authentication suggest limited real-world exploitation risk.

Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the categoryname parameter in /category.php, which are subsequently reflected to other users. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its direct impact to user account compromise or session hijacking of visiting administrators. Public exploit code is available and exploitation probability is low (EPSS 0.05%), suggesting limited real-world weaponization despite public disclosure.

Reflected cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the visname parameter in /bwdates-reports.php, executing arbitrary JavaScript in victim browsers when user interaction occurs. Publicly available exploit code exists; EPSS score of 0.05% indicates low real-world exploitation probability despite public POC availability.

Stored cross-site scripting (XSS) in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated remote attackers to inject malicious JavaScript via the visname parameter in /visitor-detail.php, which is then reflected to other users. The vulnerability requires user interaction (clicking a malicious link) but affects confidentiality and integrity of the application. Exploit code is publicly available on GitHub, though real-world exploitation remains limited (EPSS 0.05%).

Cross-site scripting vulnerability in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the visname parameter in the /manage-newvisitors.php endpoint, exploitable only when the victim user clicks a crafted link. The CVSS score of 1.9 reflects the severe privilege requirement (PR:H), mandatory user interaction (UI:P), and limited impact (integrity only); EPSS exploitation probability is minimal at 0.05%, indicating this poses negligible real-world risk despite publicly available exploit code.

A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Apartment Visitors Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.