CVE-2023-40851

MEDIUM

Phpgurukul <3.0 - XSS

Title source: llm

Description

Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ashutosh Singh Umath · textwebappsphp

https://www.exploit-db.com/exploits/51694

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51694

Scores

CVSS v3 5.4

EPSS 0.0008

EPSS Percentile 24.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

user_registration_\&_login_and_user_management_system_with_admin_panel_project/user_registration_\&_login_and_user_management_system_with_admin_panel 3.0

Published Oct 16, 2023

Tracked Since Feb 18, 2026