CVE-2026-3403

LOW

PHPGurukul SRMS 1.0 - XSS

Title source: llm

Description

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

References (5)

[Issue Tracking] https://github.com/AS-AbdulSamad/CVEs/issues/3

[Various Sources] https://phpgurukul.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.348298

[Permissions Required, VDB Entry] https://vuldb.com/?id.348298

[Permissions Required, VDB Entry] https://vuldb.com/?submit.763324

Scores

CVSS v3 2.4

EPSS 0.0003

EPSS Percentile 6.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-94 CWE-79

Status published

Affected Products (1)

phpgurukul/student_record_system

Timeline

Published Mar 02, 2026

Tracked Since Mar 02, 2026