CVE-2020-25270

MEDIUM

PHPGurukul hostel-management-system 2.1 - Stored XSS via Guardian Name/Relation/Contact/Address/City

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-25270. PoCs published by Kokn3t, Ko-kn3t.

AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in PHPGurukul Hostel Management System 2.1. The exploit involves injecting malicious scripts into user input fields during the hostel booking process, which are then executed when viewed by admin users.

Description

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

Exploits (2)

exploitdb WRITEUP
by Kokn3t · text · webapps · php
https://www.exploit-db.com/exploits/48905

This is a writeup describing a stored XSS vulnerability in PHPGurukul Hostel Management System 2.1. The exploit involves injecting malicious scripts into user input fields during the hostel booking process, which are then executed when viewed by admin users.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPGurukul Hostel Management System V 2.1
Auth required
Prerequisites: Access to a user account in the Hostel Management System · Admin user interaction to view the malicious input
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP 1 stars
by Ko-kn3t · poc
https://github.com/Ko-kn3t/CVE-2020-25270

This repository contains a writeup detailing a stored XSS vulnerability in PHPGurukul Hostel Management System 2.1. The vulnerability allows attackers to inject malicious scripts via multiple input fields, which are then executed when viewed by users or admins.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPGurukul Hostel Management System 2.1
Auth required
Prerequisites: Access to a user account · Admin access to view full details for admin-side exploitation
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Not Applicable x_refsource_misc
https://phpgurukul.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Ko-kn3t/CVE-2020-25270

Scores

CVSS v3 5.4
EPSS 0.0315
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
phpgurukul/hostel_management_system 2.1
Published Oct 08, 2020
Tracked Since Feb 18, 2026