| Title | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-subject.php] endpoint on [Subject 1] field |
|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in Student Record Management System Version 1.0 developed by PHPGurukul. The vulnerability is present in the /edit-subject.php endpoint, specifically in the Subject 1 field. The application fails to properly validate and encode user-supplied input before storing it in the database and rendering it in the browser.
An authenticated administrator can inject malicious JavaScript code into the Subject 1 field. The payload is stored persistently in the backend database and executed when the subject record is viewed or edited. This allows arbitrary JavaScript execution in the administrator’s browser context. |
|---|
| Source | ⚠️ https://github.com/AS-AbdulSamad/CVEs/issues/3 |
|---|
| User | AS-AbdulSamad (UID 95469) |
|---|
| Submission | 02/19/2026 20:13 (2 months ago) |
|---|
| Moderation | 03/01/2026 07:49 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 348298 [PHPGurukul Student Record Management System 1.0 /edit-subject.php Subject 1 cross site scripting] |
|---|
| Points | 20 |
|---|