CVE-2025-63611

High CVSS: 8.7

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.

Vendor

Phpgurukul

Product

Hostel Management System

CWE

CWE-79

Yayın Tarihi

2026-01-08 16:15:45

Güncelleme

2026-01-12 18:45:23

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Hostel Management System HIGH Phpgurukul 2026

Referanslar

https://medium.com/@tanushkushtk01/cve-2025-63611-stored-cross-site-scripting-xss-in-hostel-management-system-v2-1-a23c2efc86ea https://phpgurukul.com/hostel-management-system/

Benzer Kayıtlar

Medium

CVE-2024-51226

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51225

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Man…

Medium

CVE-2024-51224

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51223

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2024-51222

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2026-3403

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown process…