PHPGurukul Company Visitor Management System Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in PHPGurukul Company Visitor Management System version 2.0. The issue resides in the '/bwdates-reports-details.php' file, where the 'fromdate' parameter is not properly sanitized, allowing attackers to inject malicious scripts. This vulnerability can be exploited remotely, with the injected scripts executed in the context of the user's browser, potentially compromising their security and privacy.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the victim's browser.

Reproduction

To reproduce this vulnerability, send a request to the '/bwdates-reports-details.php' file with a crafted 'fromdate' parameter that includes a script payload, such as a script tag containing JavaScript code, such as an alert or a request to a malicious server. When the request is processed, the injected script will be executed in the browser.