QwikSec

Security Database

CVE

CWE

Training

CVE-2020-25761

Published: Sep 29, 2020

Modified: Nov 11, 2025

PUBLISHED

Description

Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20200922 Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS

mailing-list

http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html

https://packetstormsecurity.com/files/author/15149/

https://www.exploit-db.com/exploits/48830

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.