CVE-2025-2650

CWE-79Cross-site Scripting (XSS)CWE-94Code InjectionCWE-770Allocation without Limits4 documents4 sources
Severity
5.1MEDIUM
EPSS
0.2%
top 63.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Medical Card Generation System
Timeline
PublishedMar 23

Description

A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
PHPGurukul Medical Card Generation System download-medical-cards.php cross site scripting2025-03-23
GHSA
GHSA-2c7q-qhgc-2h32: A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 12025-03-23

📋Vendor Advisories

1
Microsoft
Possible DoS translating ASN.1 object identifiers2023-05-09
CVE-2025-2650 (MEDIUM CVSS 5.1) | A vulnerability | cvebase.io