Vulnerabilities > Phpgurukul > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-05 | CVE-2021-39411 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | 6.1 |
| 2021-10-27 | CVE-2021-37805 | Cross-site Scripting vulnerability in PHPgurukul Vehicle Parking Management System 1.0 A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | 5.4 |
| 2021-10-27 | CVE-2021-37806 | SQL Injection vulnerability in PHPgurukul Vehicle Parking Management System 1.0 An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. | 5.9 |
| 2021-10-27 | CVE-2021-37808 | SQL Injection vulnerability in PHPgurukul News Portal 3.1 SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). | 5.9 |
| 2021-10-13 | CVE-2021-42223 | Cross-site Scripting vulnerability in PHPgurukul Online DJ Booking Management System 1.0 Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | 6.1 |
| 2021-08-19 | CVE-2021-27822 | Cross-site Scripting vulnerability in PHPgurukul Vehicle Parking Management System 1.0 A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. | 4.8 |
| 2021-07-01 | CVE-2021-28424 | Cross-site Scripting vulnerability in PHPgurukul Teachers Record Management System 1.0 A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | 5.4 |
| 2021-06-22 | CVE-2020-22167 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. | 5.4 |
| 2021-05-26 | CVE-2021-33469 | Cross-site Scripting vulnerability in PHPgurukul Covid19 Testing Management System 1.0 COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. | 4.8 |
| 2021-04-15 | CVE-2021-27545 | SQL Injection vulnerability in PHPgurukul Beauty Parlour Management System 1.0 SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | 6.5 |