{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-57151", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T14:01:03.543Z", "dateReserved": "2025-08-17T00:00:00.000Z", "datePublished": "2025-09-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:01:03.543Z"}, "descriptions": [{"lang": "en", "value": "phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://doc.clickup.com/3897127/p/h/3pxt7-12776/9223d87ec68de28"}, {"url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-57151.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-03T14:42:59.630608Z", "id": "CVE-2025-57151", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T14:44:31.498Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-57151", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-03T14:42:59.630608Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T14:43:28.706Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://doc.clickup.com/3897127/p/h/3pxt7-12776/9223d87ec68de28"}, {"url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-57151.md"}], "descriptions": [{"lang": "en", "value": "phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:01:03.543Z"}}}, "cveMetadata": {"cveId": "CVE-2025-57151", "state": "PUBLISHED", "dateUpdated": "2026-04-06T14:01:03.543Z", "dateReserved": "2025-08-17T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-09-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:complaint_management_system:2.0:*:*:*:-:*:*:*", "matchCriteriaId": "8C6D9515-0DC3-4727-B5B5-2E6C34362BF7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter."}], "id": "CVE-2025-57151", "lastModified": "2026-04-06T15:17:06.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-03T15:15:39.313", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://doc.clickup.com/3897127/p/h/3pxt7-12776/9223d87ec68de28"}, {"source": "cve@mitre.org", "url": "https://github.com/hptcybersecurity/CVE/blob/main/CVE-2025-57151.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:25:20.898566+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest release of PHPgurukul Complaint Management System that contains the XSS fix, if available.", "If an upgrade is not feasible, modify admin/userprofile.php to apply proper output encoding (for example, htmlspecialchars()) to the fullname parameter before displaying it.", "Deploy a web application firewall rule that detects and blocks common XSS payload patterns targeting the fullname parameter."], "summary": {"action": "Apply Patch", "impact": "Cross Site Scripting"}, "threat_synthesis": {"affected_systems": "This vulnerability affects PHPgurukul's Complaint Management System version 2.0. Administrators who can reach the admin/userprofile.php endpoint are potentially impacted. No other versions or products are listed as affected.", "description_and_impact": "The PHPgurukul Complaint Management System 2.0 is vulnerable to a reflected Cross Site Scripting flaw located in the admin/userprofile.php page via the fullname parameter. Attackers can inject arbitrary script when the parameter is processed, potentially leading to session hijacking, credential theft, or defacement of the web interface. This weakness is categorized as CWE\u201179.", "risk_and_exploitability": "The CVSS base score of 8.8 classifies it as high severity. The EPSS score of less than 1% indicates a very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an authenticated administrator supplying a malicious fullname string through the admin interface; if the system does not perform proper output encoding, the injected script can execute in a victim\u2019s browser. Consequently, organizations should treat this as a high\u2011risk issue, especially if the admin portal is exposed to untrusted users or reachable via network edges."}}}}, "created": "2025-09-04T13:12:30.614631+00:00", "title": "XSS Vulnerability in PHPgurukul Complaint Management System 2.0", "updated": "2026-04-28T00:30:15.462076+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$complaint_management_system"]}