{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T03:11:12.322","vulnerabilities":[{"cve":{"id":"CVE-2025-70891","sourceIdentifier":"cve@mitre.org","published":"2026-01-15T21:16:04.903","lastModified":"2026-01-22T16:01:16.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attacker can inject arbitrary JavaScript code that is persistently stored in the database. The malicious payload is triggered when a privileged user clicks the View button on the view-allusers.php page."},{"lang":"es","value":"Una vulnerabilidad de cross-site scripting (XSS) almacenado existe en Phpgurukul Cyber Cafe Management System v1.0 dentro del módulo de gestión de usuarios. La aplicación no sanitiza o codifica adecuadamente la entrada proporcionada por el usuario enviada a través del parámetro uadd en el endpoint add-users.php. Un atacante autenticado puede inyectar código JavaScript arbitrario que se almacena persistentemente en la base de datos. La carga útil maliciosa se activa cuando un usuario privilegiado hace clic en el botón 'View' en la página view-allusers.php."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"076A2810-A876-4B7D-B728-BCCE977A7225"}]}]}],"references":[{"url":"https://github.com/efekaanakkar/Cyber-Cafe-Management-System-CVEs/tree/main/CVE-2025-70891","source":"cve@mitre.org","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql","source":"cve@mitre.org","tags":["Product"]}]}}]}