| Title | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-course.php] endpoint on [Course Short Name] |
|---|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in Student Record Management System Version 1.0 developed by PHPGurukul. The vulnerability is present in the /edit-course.php endpoint, specifically in the Course Short Name field. The application fails to properly validate and encode user-supplied input before storing it in the database and rendering it in the browser. An authenticated administrator can inject malicious JavaScript code into the Course Short Name field via the add course functionality. The payload is stored in the database and executed when the course is viewed or edited through the manage courses functionality. |
| Source | https://github.com/AS-AbdulSamad/CVEs/issues/2 |
| User | AS-AbdulSamad (UID 95469) |
| Submission | 2026-02-19 08:11 PM (2 months ago) |
| Moderation | 2026-03-01 07:49 AM (9 days later) |
| Status | Accepted |
| VulDB entry | 348297 [PHPGurukul Student Record Management System up to 1.0 /edit-course.php Course Short Name cross-site scripting] |
| Points | 20 |