LOW · CVE-2025-13577 · CVSS 3.5

PHPGurukul Hostel Management System register-complaint.php cross site scripting


Platform

php

Component

hostel-management-system

Fixed version

2.1.1

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2025-13577 describes a cross-site scripting (XSS) vulnerability discovered in PHPGurukul Hostel Management System version 2.1. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user accounts and data. The vulnerability resides within the /register-complaint.php file and can be triggered by manipulating the cdetails argument. A public proof-of-concept is available.

Impact and attack scenarios

Successful exploitation of CVE-2025-13577 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, phishing attacks, and defacement of the Hostel Management System's interface. An attacker could steal sensitive user data, such as login credentials or personal information stored within the application. The impact is amplified if the system is used to manage sensitive student or staff data, potentially leading to a breach of privacy and regulatory compliance issues. Given the public availability of a proof-of-concept, the risk of exploitation is considered elevated.

Exploitation status

CVE-2025-13577 has been publicly disclosed and a proof-of-concept exploit is available, indicating a higher probability of exploitation. The vulnerability is not currently listed on CISA KEV. The LOW CVSS score reflects the relatively simple exploitation process and potential limited impact, but the public availability of the exploit increases the risk. Active campaigns targeting this specific vulnerability are not currently confirmed, but the ease of exploitation warrants vigilance.

Who is at risk

Educational institutions and organizations utilizing PHPGurukul Hostel Management System version 2.1 are at risk. Specifically, those with publicly accessible instances of the system or those lacking robust input validation practices are particularly vulnerable. Shared hosting environments where multiple users share the same server instance also increase the potential attack surface.

Detection steps

• php: Examine /register-complaint.php for unsanitized use of the cdetails variable. Search for places where user input is written directly to the browser without proper encoding.
• generic web: Monitor access logs for unusual requests to /register-complaint.php with suspicious parameters in the cdetails field. Look for POST requests containing JavaScript code.
• generic web: Use curl to test the /register-complaint.php endpoint with a simple XSS payload (e.g., <script>alert('XSS')</script>).

Attack timeline

  1. Disclosure

Threat intelligence

Exploit status

Proof of concept: Unknown
CISA KEV: No
Internet exposure:

EPSS

0.03% (10th percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical impact: partial

CVSS vector

Threat intelligence · CVSS 3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Base score: 3.5 (LOW)

  • Attack Vector: Network (how the attacker reaches the target)
  • Attack Complexity: Low (conditions required for exploitation)
  • Privileges Required: Low (authentication level needed to attack)
  • User Interaction: Required (whether victim action is needed)
  • Scope: Unchanged (impact spreading beyond the affected component)
  • Confidentiality: None (risk of sensitive data disclosure)
  • Integrity: Low (risk of unauthorized data modification)
  • Availability: None (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?

  • Attack Vector: Network. Remotely exploitable over the internet; no physical or local access is needed.
  • Attack Complexity: Low. No special conditions are required; exploitation is reliable.
  • Privileges Required: Low. A valid user account is sufficient.
  • User Interaction: Required. The victim must take an action, such as opening a file or clicking a link.
  • Scope: Unchanged. Impact is confined to the vulnerable component.
  • Confidentiality: None. No impact on confidentiality.
  • Integrity: Low. Data can be modified to a limited extent.
  • Availability: None. No impact on availability.

Affected software

Component: hostel-management-system
Vendor: PHPGurukul
Affected range: 2.1 – 2.1
Fixed version: 2.1.1

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Updated
  4. EPSS updated
Unpatched: 181 days since publication

Mitigations and workarounds

The primary mitigation for CVE-2025-13577 is to upgrade to a patched version of PHPGurukul Hostel Management System. Since a fixed version is not specified, thoroughly review the vendor's release notes for updates addressing XSS vulnerabilities. As a temporary workaround, implement strict input validation and output encoding on the cdetails parameter within the /register-complaint.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly scan the application for XSS vulnerabilities using automated tools.
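The following PHP is an added example and not PHPGurukul's code. It puts the pattern the detection steps tell a reviewer to look for in /register-complaint.php (a request value echoed into the page without encoding) next to the hardened form the mitigation above calls for: server-side validation of the cdetails value plus output encoding at render time. The function names, the shape of the $complaint array and the sample input are assumptions made for this example; only the file and parameter names come from the advisory.

```php
<?php
// Added example (not PHPGurukul's code): the unencoded-echo pattern a reviewer
// looks for in register-complaint.php, beside the validated-and-encoded form
// the mitigation section recommends. Function names, the $complaint array
// shape and the sample input below are assumptions made for this example.

declare(strict_types=1);

// Constructed sample input: a complaint body carrying the same benign
// canary payload the detection section mentions.
const SAMPLE_CDETAILS = "Tap leaking in room 12 <script>alert('XSS')</script>";

/**
 * Server-side validation for the cdetails field. Rejects empty, oversized
 * or control-character-laden input. Validation alone does not prevent XSS
 * (legitimate text may contain < or &), which is why output encoding below
 * is still required. mb_strlen() needs the mbstring extension.
 */
function validateCdetails(string $raw): ?string
{
    $details = trim($raw);
    if ($details === '' || mb_strlen($details, 'UTF-8') > 1000) {
        return null;
    }
    // Reject ASCII control characters other than tab, LF and CR.
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $details) === 1) {
        return null;
    }
    return $details;
}

/**
 * Encode a string for an HTML text node or double-quoted attribute value.
 * ENT_QUOTES also escapes single quotes, ENT_SUBSTITUTE replaces invalid
 * UTF-8 instead of returning "", and the explicit charset avoids guessing.
 */
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The pattern to flag during code review: the stored value is echoed into
// the page without encoding, so markup in cdetails is interpreted by the
// browser of whoever later views the complaint (for example an administrator).
function renderComplaintUnsafe(array $complaint): string
{
    return '<td class="cdetails">' . $complaint['cdetails'] . '</td>';
}

// Hardened form: the same cell, but every interpolated value goes through h().
function renderComplaintSafe(array $complaint): string
{
    return '<td class="cdetails">' . h($complaint['cdetails']) . '</td>';
}

// Handling the POST that register-complaint.php receives. Storage is elided;
// in the real application the validated value would be written with a
// prepared statement. Encoding happens at render time, not at store time,
// so the database keeps the original text and every output path encodes it.
function handleRegisterComplaint(array $post): array
{
    $details = validateCdetails($post['cdetails'] ?? '');
    if ($details === null) {
        return ['ok' => false, 'error' => 'Complaint details are required (max 1000 characters).'];
    }
    return ['ok' => true, 'cdetails' => $details];
}

if (PHP_SAPI === 'cli') {
    $result = handleRegisterComplaint(['cdetails' => SAMPLE_CDETAILS]);
    $complaint = ['cdetails' => $result['cdetails']];
    echo "unsafe: " . renderComplaintUnsafe($complaint) . PHP_EOL;
    echo "safe:   " . renderComplaintSafe($complaint) . PHP_EOL;
}
```

Running the file from the command line prints the two renderings side by side: in the safe version the angle brackets and quotes of the canary are replaced by HTML entities, so a browser shows the complaint text verbatim instead of executing it. Two practical caveats for the detection steps above: the page should declare its charset (Content-Type: text/html; charset=UTF-8) so the encoding assumed by htmlspecialchars() matches what the browser decodes, and ordinary web-server access logs record the request line but not POST bodies, so spotting script content in cdetails requires request-body logging or WAF logs rather than the default access log. A WAF rule is defence in depth; the encoding fix is what actually closes the issue.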

How to fix

Upgrade to a patched version of PHPGurukul Hostel Management System. Contact the vendor for a fixed version, or apply the security measures needed to prevent XSS attacks in the register-complaint.php file.


Frequently asked questions

What is CVE-2025-13577 — XSS in PHPGurukul Hostel Management System?

CVE-2025-13577 is a cross-site scripting (XSS) vulnerability in PHPGurukul Hostel Management System version 2.1, allowing attackers to inject malicious scripts via the 'cdetails' parameter in /register-complaint.php.

Am I affected by CVE-2025-13577 in PHPGurukul Hostel Management System?

If you are using PHPGurukul Hostel Management System version 2.1, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.

How do I fix CVE-2025-13577 in PHPGurukul Hostel Management System?

Upgrade to a patched version of PHPGurukul Hostel Management System. If a patch is not available, implement input validation and output encoding on the 'cdetails' parameter and consider using a WAF.

Is CVE-2025-13577 being actively exploited?

While active campaigns are not confirmed, a proof-of-concept is publicly available, increasing the risk of exploitation.

Where can I find the official PHPGurukul advisory for CVE-2025-13577?

Refer to the PHPGurukul website and security advisories for updates and information regarding CVE-2025-13577.
