PT-2020-16187 · Projectworlds · Projectworlds Visitor Management System

Rahul Ramkumar · Published 2020-09-29 · Updated 2026-01-23 · CVE-2020-25761

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Projectworlds Visitor Management System in PHP version 1.0

Description

The issue allows for cross-site scripting (XSS) attacks due to a lack of input validation on request parameters in the myform.php file. An attacker can inject JavaScript payloads into the parameters to perform various attacks, such as stealing cookies and sensitive information.

Recommendations

For Projectworlds Visitor Management System in PHP version 1.0, consider implementing input validation on the request parameters in the myform.php file to prevent XSS attacks. As a temporary workaround, restrict access to the myform.php file until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-25761

Affected Products

Projectworlds Visitor Management System