| Title | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-course.php] endpoint on [Course Short Name] |
|---|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in Student Record Management System Version 1.0 developed by PHPGurukul. The vulnerability is present in the /edit-course.php endpoint, specifically in the Course Short Name field. The application fails to properly validate and encode user-supplied input before storing it in the database and rendering it in the browser. An authenticated administrator can inject malicious JavaScript code into the Course Short Name field via the add course functionality. The payload is stored in the database and executed when the course is viewed or edited through the manage courses functionality. |
| Source | https://github.com/AS-AbdulSamad/CVEs/issues/2 |
| User | AS-AbdulSamad (UID 95469) |
| Submission | 02/19/2026 20:11 (2 months ago) |
| Moderation | 03/01/2026 07:49 (9 days later) |
| Status | Accepted |
| VulDB entry | 348297 [PHPGurukul Student Record Management System up to 1.0 /edit-course.php Course Short Name cross site scripting] |
| Points | 20 |