Security Vulnerabilities
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-07-29
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-29
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-29
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-29
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28