| Titel | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-subject.php] endpoint on [Subject 1] field |
|---|
| Beschreibung | A Stored Cross-Site Scripting (XSS) vulnerability exists in Student Record Management System Version 1.0 developed by PHPGurukul. The vulnerability is present in the /edit-subject.php endpoint, specifically in the Subject 1 field. The application fails to properly validate and encode user-supplied input before storing it in the database and rendering it in the browser.
An authenticated administrator can inject malicious JavaScript code into the Subject 1 field. The payload is stored persistently in the backend database and executed when the subject record is viewed or edited. This allows arbitrary JavaScript execution in the administrator’s browser context. |
|---|
| Quelle | ⚠️ https://github.com/AS-AbdulSamad/CVEs/issues/3 |
|---|
| Benutzer | AS-AbdulSamad (UID 95469) |
|---|
| Einreichung | 19.02.2026 20:13 (vor 2 Monaten) |
|---|
| Moderieren | 01.03.2026 07:49 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 348298 [PHPGurukul Student Record Management System 1.0 /edit-subject.php Subject 1 Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|