Critical Vulnerability Information

Vulnerability Overview

- CVE ID: CVE-2025-44180
- Affected Version: PHPGurukul Vehicle Record Management System V1.0
- Vulnerable File: edit-brand.php
- Parameter: brandname

Vulnerability Details

- Type: Stored Cross-Site Scripting (XSS)
- Cause: Insufficient validation and sanitization of user input data, allowing attackers to inject malicious scripts.

Exploitation Method (PoC)

1. Navigate to the admin configuration page and click “Brand” -> “Manage Brand” to update.
2. Click “Edit” to modify any data.
3. Intercept the POST request to edit-brand.php using Burp Suite.
4. Inject the payload into the vulnerable parameter.
   - Payload:
5. Example Request:

Impact

Attackers can execute arbitrary script code in the browsers of affected users by injecting malicious scripts, potentially compromising security and privacy.
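
One way to address the cause described above, as an added example that is not PHPGurukul's code: validate `brandname` when it is submitted and HTML-encode it wherever it is rendered, so that values stored before the fix are also neutralized. The helper names, the allow-list, the 60-character limit and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not code taken from edit-brand.php.

/**
 * Input validation for the brandname parameter.
 * Assumed policy: 1-60 characters drawn from letters, digits, space, & . ' -
 * Returns the trimmed value, or null when the submission must be rejected.
 */
function validate_brandname(string $raw): ?string
{
    $name = trim($raw);
    // The /u flag makes preg_match fail on invalid UTF-8, which is also rejected.
    if (preg_match('/^[\p{L}\p{N} &.\'\-]{1,60}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Output encoding for an HTML text or quoted-attribute context.
 * This is the control that stops stored markup from being interpreted,
 * including rows written before input validation existed.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed submissions: two ordinary names and one carrying HTML markup.
$submitted = ['Toyota', 'Harley-Davidson', '<b>Acme</b>'];
foreach ($submitted as $raw) {
    $status = validate_brandname($raw) === null ? 'rejected' : 'accepted';
    printf("%-18s => %s\n", $raw, $status);
}

// Constructed stored rows: the second stands for a value saved before the fix.
$storedRows = ['Toyota', '<b>Acme</b>'];
foreach ($storedRows as $brand) {
    // Encode at the point of output, never rely on the stored value being clean.
    echo '<td>' . e($brand) . "</td>\n";
}
```

Run with `php` on the command line: the markup-bearing submission is rejected, and the legacy row is emitted with its angle brackets encoded as `&lt;` and `&gt;`.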