Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows malicious users to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.