Auto Taxi Stand Management System

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Reflected cross-site scripting in PHPGurukul Taxi Stand Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the registrationnumber or licensenumber parameters in /admin/new-autoortaxi-entry-form.php, requiring user interaction to trigger. The vulnerability carries a low CVSS score of 2.0 due to authentication and user-interaction requirements, though publicly available exploit code exists and EPSS scoring (0.07%) indicates minimal real-world exploitation probability.

Cross-site scripting (XSS) in PHPGurukul Taxi Stand Management System 1.0 allows remote attackers to inject malicious scripts via the searchdata parameter in /search.php. The vulnerability requires user interaction (clicking a malicious link) and has limited integrity impact. A publicly available proof-of-concept exists, though EPSS score of 0.07% suggests minimal real-world exploitation probability despite active public disclosure.

Reflected cross-site scripting (XSS) in PHPGurukul Taxi Stand Management System 1.0 allows remote attackers to inject arbitrary JavaScript via the searchdata parameter in /admin/search-autoortaxi.php. The vulnerability requires user interaction (clicking a malicious link) but no authentication. Publicly available exploit code exists, though EPSS score (0.07%) indicates low real-world exploitation probability relative to CVSS severity.

Stored cross-site scripting (XSS) in PHPGurukul Taxi Stand Management System 1.0 allows authenticated users to inject malicious scripts via the adminname parameter in /admin/admin-profile.php, affecting application integrity. The vulnerability requires user interaction (UI:P per CVSS 4.0 vector) and an authenticated admin account (PR:L), but public exploit code exists and the risk is amplified by the admin-tier access context. EPSS exploitation probability is minimal at 0.05% percentile, suggesting limited real-world weaponization despite proof-of-concept availability.

A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.