CVE-2025-45007

{"id": "CVE-2025-45007", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2025-04-30T13:15:49.310", "references": [{"url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Time-Table-Generator-System/xss-injection.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Time-Table-Generator-System/xss-injection.md", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el archivo profile.php de PHPGurukul Timetable Generator System v1.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario mediante el par\u00e1metro de solicitud POST adminname."}], "lastModified": "2025-05-09T13:45:28.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:time_table_generator_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3041A6CB-FD59-4D29-98A3-EA8097DE2890"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}