| tiêu đề | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-subject.php] endpoint on [Subject 1] field |
|---|
| Mô tả | A Stored Cross-Site Scripting (XSS) vulnerability exists in Student Record Management System Version 1.0 developed by PHPGurukul. The vulnerability is present in the /edit-subject.php endpoint, specifically in the Subject 1 field. The application fails to properly validate and encode user-supplied input before storing it in the database and rendering it in the browser.
An authenticated administrator can inject malicious JavaScript code into the Subject 1 field. The payload is stored persistently in the backend database and executed when the subject record is viewed or edited. This allows arbitrary JavaScript execution in the administrator’s browser context. |
|---|
| Nguồn | ⚠️ https://github.com/AS-AbdulSamad/CVEs/issues/3 |
|---|
| Người dùng | AS-AbdulSamad (UID 95469) |
|---|
| Đệ trình | 19/02/2026 20:13 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 01/03/2026 07:49 (9 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 348298 [PHPGurukul Student Record Management System 1.0 /edit-subject.php Subject 1 Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|