CVE-2025-6287
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | covid19_testing_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the PHPGurukul COVID19 Testing Management System version 1.0, specifically in the 'Take Action' feature on the /test-details.php page. It occurs because the 'remark' input field does not properly neutralize user input, allowing an attacker to inject malicious JavaScript code that is stored persistently. When other users view the affected page, the malicious script executes in their browsers. [1, 2]
How can this vulnerability impact me? :
The impact of this vulnerability includes session hijacking (stealing user session cookies to impersonate victims), webpage defacement, redirection to malicious sites, malware distribution, and theft of sensitive data displayed on the page. It can be exploited remotely without authentication and requires some user interaction. The vulnerability affects data integrity and can lead to unauthorized actions performed in the context of the victim's browser session. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable page /test-details.php in the PHPGurukul COVID19 Testing Management System 1.0 and testing the 'remark' input field for stored cross-site scripting (XSS). One method is to manually submit a script payload such as `<script>alert('XSS');</script>` into the 'remark' field and observe if the script executes when the page is revisited. Additionally, vulnerable targets can be identified using Google dorking with the query `inurl:test-details.php` to find exposed instances. There are no specific network commands provided, but manual testing of the input field or automated web vulnerability scanners targeting stored XSS on this parameter can be used. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No official mitigation or patch is currently available for this vulnerability. Immediate steps include avoiding use of the affected PHPGurukul COVID19 Testing Management System 1.0 or replacing it with an alternative product. As a temporary measure, restricting access to the vulnerable page and sanitizing or filtering user input on the 'remark' parameter to prevent script injection may reduce risk. Monitoring for suspicious activity and educating users about the risk of XSS attacks is also advisable. [2]