CVE-2025-44182 β€” Cross-site Scripting in Vehicle Record Management System

CWE-79 β€” Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 53.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Anujk305 Vehicle Record Management System
Timeline
PublishedMay 15

Description

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-67qh-xgqw-xxw5: Phpgurukul Vehicle Record Management System v1β†—2025-05-15
β–Ά
CVEList
CVE-2025-44182: Phpgurukul Vehicle Record Management System v1β†—2025-05-15
β–Ά
CVE-2025-44182 β€” Cross-site Scripting | cvebase