Gate Pass Management System
Monthly
Stored cross-site scripting (XSS) in projectworlds Gate Pass Management System 1.0 allows authenticated users to inject malicious scripts via the /add-pass.php endpoint, which execute in the browsers of other users who view the affected content. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its scope to reflected or stored XSS within an authenticated session. Publicly available exploit code exists, though EPSS exploitation probability remains very low at 0.03%, suggesting limited real-world weaponization despite public disclosure.
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Stored cross-site scripting (XSS) in projectworlds Gate Pass Management System 1.0 allows authenticated users to inject malicious scripts via the /add-pass.php endpoint, which execute in the browsers of other users who view the affected content. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its scope to reflected or stored XSS within an authenticated session. Publicly available exploit code exists, though EPSS exploitation probability remains very low at 0.03%, suggesting limited real-world weaponization despite public disclosure.
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.