Time Table Generator System
Monthly
Stored cross-site scripting (XSS) in PHPGurukul Time Table Generator System 1.0 allows authenticated users to inject malicious scripts via the adminname parameter in /admin/profile.php, affecting other users who view the compromised admin profile. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting direct impact to integrity (VI:L), but publicly available exploit code demonstrates feasibility for authorized attackers to escalate privileges or perform actions on behalf of administrators.
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul Time Table Generator System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stored cross-site scripting (XSS) in PHPGurukul Time Table Generator System 1.0 allows authenticated users to inject malicious scripts via the adminname parameter in /admin/profile.php, affecting other users who view the compromised admin profile. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting direct impact to integrity (VI:L), but publicly available exploit code demonstrates feasibility for authorized attackers to escalate privileges or perform actions on behalf of administrators.
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul Time Table Generator System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.