XSS in Phpgurukul Cyber Cafe Mgmt Sys v1.0 User Management
CVE-2025-70891 Published on January 15, 2026
A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attacker can inject arbitrary JavaScript code that is persistently stored in the database. The malicious payload is triggered when a privileged user clicks the View button on the view-allusers.php page.
Vulnerability Analysis
CVE-2025-70891 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2025-70891. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2025-70891 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2025-70891
Want to know whenever a new CVE is published for PHPGurukul Cyber Cafe Management System? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.