CVE-2025-6285 – PHPGurukul COVID19 Testing Management System PHP Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-6285

Published : June 19, 2025, 11:15 p.m. | 3 hours, 25 minutes ago

Description : A vulnerability was found in PHPGurukul COVID19 Testing Management System 2021. It has been rated as problematic. This issue affects some unknown processing of the file /search-report-result.php. The manipulation of the argument q leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6283 – Xataio Xata Agent Path Traversal Vulnerability

Next Article CVE-2025-6284 – PHPGurukul Car Rental Portal Cross-Site Request Forgery Vulnerability

Highlights

CVE-2025-52883 – Meshtastic-Android PKC Impersonation Vulnerability

June 24, 2025

CVE ID : CVE-2025-52883

Published : June 24, 2025, 9:15 p.m. | 5 hours, 40 minutes ago

Description : Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally communicates with the other node and it will appear as using PKC, while it is not. This means that the victim will be provided with a false sense of security due to the green padlock displayed when using PKC and they’ll read the attacker’s message as legitimate. Version 2.5.21 contains a patch for the issue. It is suggested to implement a stricter control on whether a message has been received using PKC or using the shared Meshtastic channel key. Moreover, instead of showing no green padlock icon in the chat with no PKC, consider using an explicit indicator like, for example, the yellow half-open padlock displayed when in HAM mode. This remediation, however, applies to the client applications rather than the Meshtastic firmware.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2025-6285 – PHPGurukul COVID19 Testing Management System PHP Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Gourmand Recipe Manager

What’re Your Top 4 CSS Properties?

Remember the metaverse? — Microsoft Teams does, and it’s rebooting virtual meetings with immersive events

CVE-2025-48381 – CVAT Information Disclosure Vulnerability

CVE-2025-52883 – Meshtastic-Android PKC Impersonation Vulnerability

CVE-2025-30678 – Trend Micro Apex Central SSRF Vulnerability

CVE-2025-52935 – DragonflyDB Redis Lua Integer Overflow

CVE-2025-47729 – TeleMessage End-to-End Encryption Vulnerability

CVE-2025-6285 – PHPGurukul COVID19 Testing Management System PHP Cross-Site Scripting Vulnerability

Related Posts