CVE-2025-7802 MEDIUM

CVE-2025-7802: PHPGurukul Complaint Management System complaint-search.php cross site scripting

Vendor Phpgurukul

Product Complaint Management System

Weakness CWE-79 · XSS

Published July 18, 2025

Last update July 22, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

July 18, 2025 CVE published

July 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7802

Related vulnerabilities

04Related CVE

CVE-2025-6692 YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter CVE-2024-5406 Multiple vulnerabilities in WinNMP from Wtriple CVE-2024-22288 WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-11869 Buk for WordPress <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-53240 WordPress WordPress Photo Gallery plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability