CVE-2025-45007: XSS
First published: Wed Apr 30 2025(Updated: )
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGurukul Timetable Generator System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-45007?
CVE-2025-45007 has a medium severity level due to its potential for exploitation through reflected cross-site scripting.
How does CVE-2025-45007 allow exploitation?
CVE-2025-45007 allows exploitation by enabling remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.
What systems are affected by CVE-2025-45007?
CVE-2025-45007 specifically affects the PHPGurukul Timetable Generator System v1.0.
How can I mitigate CVE-2025-45007?
To mitigate CVE-2025-45007, validate and sanitize input in the adminname POST request parameter to prevent code execution.
Is there a patch available for CVE-2025-45007?
As of now, no official patch has been released for CVE-2025-45007, and users are advised to apply necessary input validation.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/author
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/phpgurukul
- canonical/phpgurukul timetable generator system