PT-2025-47196 · Phpgurukul · Phpgurukul Complaint Management System
Published
2025-11-17
·
Updated
2025-11-17
·
CVE-2024-46335
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PHPGurukul Complaint Management System version 2.0
Description
The software is susceptible to a Cross Site Scripting (XSS) issue. This flaw is located in the
between-date-userreport.php script and affects the fromdate and todate parameters. Exploitation involves manipulating these parameters to inject malicious scripts. The API endpoint involved is between-date-userreport.php. The vulnerable parameters are fromdate and todate.Recommendations
Apply any available updates to address the issue in the affected version. As a temporary workaround, sanitize the
fromdate and todate parameters before processing them in the between-date-userreport.php script.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul Complaint Management System