| Title | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-course.php] endpoint on [Course Short Name] |
|---|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in Student Record Management System Version 1.0 developed by PHPGurukul. The vulnerability is present in the /edit-course.php endpoint, specifically in the Course Short Name field. The application fails to properly validate and encode user-supplied input before storing it in the database and rendering it in the browser. An authenticated administrator can inject malicious JavaScript code into the Course Short Name field via the add course functionality. The payload is stored in the database and executed when the course is viewed or edited through the manage courses functionality. |
| Source | ⚠️ https://github.com/AS-AbdulSamad/CVEs/issues/2 |
| User | AS-AbdulSamad (UID 95469) |
| Submission | 19/02/2026 20:11 (2 months ago) |
| Moderation | 01/03/2026 07:49 (9 days later) |
| Status | Accepted |
| VulDB entry | 348297 [PHPGurukul Student Record Management System up to 1.0 /edit-course.php Course Short Name cross site scripting] |
| Points | 20 |