CVE-2023-40851

MEDIUM

User Registration & Login System 3.0 - Stored XSS via Registration Form

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-40851. PoCs published by Ashutosh Singh Umath.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in User Registration & Login and User Management System v3.0. The payload is injected via user registration fields (fname, lname, email, contact) and executes when viewed by admin or user.

Description

Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ashutosh Singh Umath · textwebappsphp
https://www.exploit-db.com/exploits/51694

This exploit demonstrates a stored XSS vulnerability in User Registration & Login and User Management System v3.0. The payload is injected via user registration fields (fname, lname, email, contact) and executes when viewed by admin or user.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: User Registration & Login and User Management System With admin panel 3.0
No auth needed
Prerequisites: access to user registration page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/51694

Scores

CVSS v3 5.4
EPSS 0.0008
EPSS Percentile 24.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
user_registration_\&_login_and_user_management_system_with_admin_panel_project/user_registration_\&_login_and_user_management_system_with_admin_panel 3.0
Published Oct 16, 2023
Tracked Since Feb 18, 2026