CVE-2023-33580

MEDIUM

Phpgurukul Student Study Center Management System V1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-33580. PoCs published by VIVEK CHOUDHARY, sudovivek.

AI-analyzed exploit summary This is a writeup describing a Stored XSS vulnerability in Student Study Center Management System v1.0, where the 'Admin Name' field fails to sanitize input, allowing arbitrary JavaScript execution. The steps to reproduce include injecting an XSS payload into the admin profile.

Description

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.

Exploits (2)

exploitdb WRITEUP VERIFIED

by VIVEK CHOUDHARY · textwebappsphp

https://www.exploit-db.com/exploits/51528

View Code ZIP pw:eip

This is a writeup describing a Stored XSS vulnerability in Student Study Center Management System v1.0, where the 'Admin Name' field fails to sanitize input, allowing arbitrary JavaScript execution. The steps to reproduce include injecting an XSS payload into the admin profile.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Student Study Center Management System v1.0

Auth required

Prerequisites: Access to admin credentials · Admin profile page access

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by sudovivek · poc

https://github.com/sudovivek/Published-CVE

View Code ZIP pw:eip

This repository provides a writeup describing two vulnerabilities: CVE-2023-33580 (Stored XSS in Student Study Center Management System V1.0) and CVE-2023-33584 (SQL Injection in Enrollment System Project V1.0). It includes details on exploit authors, vendor information, and reproduction steps but does not contain actual exploit code.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Student Study Center Management System V1.0 | Enrollment System Project V1.0

No auth needed

Prerequisites: Access to vulnerable application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources

https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33580_exploit.md

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/173030/Student-Study-Center-Management-System-1.0-Cross-Site-Scripting.html

Product

https://phpgurukul.com/student-study-center-management-system-using-php-and-mysql/

Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51528

Scores

CVSS v3 4.8

EPSS 0.0215

EPSS Percentile 79.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

phpgurukul/student_study_center_management_system 1.0

Published Jun 26, 2023

Tracked Since Feb 18, 2026