PHPGurukul Curfew e-Pass MS 1.0 XSS via view-pass-detail.php Fullname/Category
CVE-2025-12312 Published on October 27, 2025
PHPGurukul Curfew e-Pass Management System view-pass-detail.php cross site scripting
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 5 days later.
Weakness Types
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2025-12312 has been classified to as a XSS vulnerability or weakness.
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2025-12312 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2025-12312
Want to know whenever a new CVE is published for PHPGurukul Curfew E Pass Management System? stack.watch will email you.
Affected Versions
PHPGurukul Curfew e-Pass Management System Version 1.0 is affected by CVE-2025-12312Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.