Platform
php
Component
phpgurukul-company-visitor-management-system
Fixed in
2.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Company Visitor Management System versions 2.0.0 through 2.0. This flaw resides within the /bwdates-reports-details.php file, specifically affecting the handling of the fromdate argument. Successful exploitation allows an attacker to inject malicious scripts, potentially compromising user sessions and system integrity. The vulnerability has been publicly disclosed.
The XSS flaw lets an attacker inject arbitrary JavaScript into the page rendered by /bwdates-reports-details.php; the script runs in the browser of whoever views that page, with that user's session. An attacker could use it to steal session cookies, redirect the victim to a malicious site, perform actions in the application as the victim, or deface the page. The advisory does not state whether the injection is reflected or stored; for a request parameter such as fromdate it is typically reflected, which means the attacker has to get a logged-in user to open a crafted link. No local access is needed, so the attack surface is every user who can be lured to such a link. Because the system holds visitor records, a hijacked session can expose or alter that data.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. There is no indication of it being added to CISA KEV or any confirmed exploitation campaigns at this time. Public proof-of-concept code is likely to emerge given the public disclosure. Monitor security advisories and vulnerability databases for updates.
Organizations running PHPGurukul Company Visitor Management System 2.0.0–2.0 are at risk, particularly where the instance is reachable from the internet and no input validation or output encoding has been added around the fromdate parameter. Deployments that share an origin (same scheme, host, and port) with other applications are at added risk, because script injected through this page runs with every cookie and stored credential scoped to that origin, not only the visitor system's.
• php / web:
curl -s -G 'http://your-target-domain.com/bwdates-reports-details.php' --data-urlencode 'fromdate=<script>alert("XSS")</script>' | grep -c '<script>alert("XSS")</script>'
(A count above 0 means the payload came back unencoded in the response body. Checking only the status line of a HEAD request says nothing about reflection; if the page requires a logged-in session, pass the session cookie with -b so the request is not bounced to the login page. Run this only against systems you are authorized to test.)
• generic web:
grep -iE '<script>|%3Cscript%3E' /var/log/apache2/access.log | grep -i 'bwdates-reports-details.php'
(Matches both the raw and the URL-encoded form of the probe against the affected page; keep the pattern in single quotes so the shell does not strip the quotes inside the payload.)
Exploit status
disclosure
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-6162 is to upgrade to a patched release. This page lists 2.0.1 as the fixed version, but the CVE record itself does not name one, so confirm the fix against the vendor's release notes before relying on it. Until the upgrade is in place, restrict the fromdate parameter in /bwdates-reports-details.php to the exact date format the report expects (reject anything else rather than trying to strip "bad" characters) and HTML-encode the value wherever it is written back into the page. A Web Application Firewall with XSS rules can block the obvious probes but is a stopgap, not a fix. Review the application's security configuration regularly.
Update PHPGurukul Company Visitor Management System to the latest available version to mitigate the XSS vulnerability. Check the vendor documentation for specific update instructions. Add further safeguards, such as input validation and output encoding, to prevent future XSS attacks.
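As an added illustration of the two workarounds named in the mitigation paragraphs above (this is example code written for this page, not PHPGurukul's code and not the vendor's fix), the following PHP contrasts an assumed vulnerable rendering of fromdate with a hardened version: reject anything that is not a valid YYYY-MM-DD date, and HTML-encode the value at the point it is written into the page. The function names, the render helpers and the sample inputs are constructed for the demo; the real file's variable names and HTML differ.

```php
<?php
declare(strict_types=1);

// Hypothetical hardening for the fromdate parameter; not PHPGurukul's code.
// Accept only an ISO-8601 calendar date (YYYY-MM-DD); everything else is rejected.
function validate_fromdate(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    // Cheap syntactic gate before the calendar check.
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $raw)) {
        return null;
    }
    // Strict parse: createFromFormat silently rolls 2026-02-30 over to March 2,
    // but leaves a warning behind, which we treat as a rejection.
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    $errors = DateTimeImmutable::getLastErrors(); // false on PHP >= 8.2 when clean
    if ($dt === false
        || ($errors !== false && ($errors['warning_count'] > 0 || $errors['error_count'] > 0))) {
        return null;
    }
    return $dt->format('Y-m-d');
}

// Output encoding for HTML text and attribute values (covers ' " < > &).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed vulnerable pattern: the raw request value is interpolated into markup.
function render_report_header_vulnerable(string $fromdate): string
{
    return "<h4>Report from {$fromdate}</h4>";
}

// Hardened pattern: validate on input, encode on output.
function render_report_header_hardened(?string $rawFromdate): string
{
    $fromdate = validate_fromdate($rawFromdate);
    if ($fromdate === null) {
        if (PHP_SAPI !== 'cli') {
            http_response_code(400);
        }
        return '<p class="error">Invalid fromdate; expected YYYY-MM-DD.</p>';
    }
    return '<h4>Report from ' . e($fromdate) . '</h4>';
}

// Constructed inputs for a CLI demo (php example.php); the first is the advisory's probe.
$samples = [
    '<script>alert("XSS")</script>',
    '2026-03-01',
    '2026-02-30',
    '2026-03-01" onmouseover="alert(1)',
];
foreach ($samples as $s) {
    echo "input:      {$s}\n";
    echo "vulnerable: " . render_report_header_vulnerable($s) . "\n";
    echo "hardened:   " . render_report_header_hardened($s) . "\n\n";
}
```

Run it from the command line with php. The vulnerable function echoes the advisory's payload verbatim, while the hardened one rejects it, and also rejects 2026-02-30, which a lenient parser would silently accept as March 2. The hardened path still encodes on output even though a value that passed validation cannot contain markup: whitelisting the format is what stops this bug, but encoding at the sink is what keeps the page safe when someone later loosens the validator or adds a new parameter.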
CVE-2026-6162 is a cross-site scripting (XSS) vulnerability in PHPGurukul Company Visitor Management System versions 2.0.0–2.0, allowing attackers to inject malicious scripts via the 'fromdate' parameter.
If you are using PHPGurukul Company Visitor Management System version 2.0.0–2.0 and have not applied a patch, you are potentially affected by this vulnerability.
The recommended fix is to upgrade to a patched version of PHPGurukul Company Visitor Management System (this page lists 2.0.1 as the fixed release). Until then, validate the fromdate parameter on input and HTML-encode it on output.
As of the publication date, there is no confirmed evidence of active exploitation, but a proof-of-concept may be available.
Refer to the PHPGurukul website or security advisories for the official advisory regarding CVE-2026-6162.