- Description
- A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
- Products
- visitor_management_system
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.4
- Vector string
- AV:N/AC:L/Au:M/C:N/I:P/A:N
- cna@vuldb.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-11067 Cross-Site Scripting in Projectworlds Visitor Management System 1.0 via Name Parameter https://t.co/rZITulGMhz
@VulmonFeeds
27 Sept 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-11067 A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Pa… https://t.co/drwzfcdJZz
@CVEnew
27 Sept 2025
456 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projectworlds:visitor_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8090C200-F3C4-403E-9D79-F7F1EAA3CB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]