CVE-2025-45007

Published: Apr 30, 2025Modified: Jun 17, 2026

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.

Affected (1)

Products: Phpgurukul: Time Table Generator System

1 product

Time Table Generator System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Time Table Generator System	Version 1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Time-Table-Generator-System/xss-injection.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Time-Table-Generator-System/xss-injection.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.