Platform
php
Component
hostel-management-system
Fixed in
2.1.1
CVE-2025-13577 describes a cross-site scripting (XSS) vulnerability discovered in PHPGurukul Hostel Management System version 2.1. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user accounts and data. The vulnerability resides within the /register-complaint.php file and can be triggered by manipulating the cdetails argument. A public proof-of-concept is available.
Successful exploitation of CVE-2025-13577 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, phishing attacks, and defacement of the Hostel Management System's interface. An attacker could steal sensitive user data, such as login credentials or personal information stored within the application. The impact is amplified if the system is used to manage sensitive student or staff data, potentially leading to a breach of privacy and regulatory compliance issues. Given the public availability of a proof-of-concept, the risk of exploitation is considered elevated.
CVE-2025-13577 has been publicly disclosed and a proof-of-concept exploit is available, indicating a higher probability of exploitation. The vulnerability is not currently listed on CISA KEV. The LOW CVSS score reflects the relatively simple exploitation process and potential limited impact, but the public availability of the exploit increases the risk. Active campaigns targeting this specific vulnerability are not currently confirmed, but the ease of exploitation warrants vigilance.
Exploit Status
EPSS
0.03% (10% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13577 is to upgrade to a patched version of PHPGurukul Hostel Management System. Since a fixed version is not specified, thoroughly review the vendor's release notes for updates addressing XSS vulnerabilities. As a temporary workaround, implement strict input validation and output encoding on the cdetails parameter within the /register-complaint.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly scan the application for XSS vulnerabilities using automated tools.
Update to a patched version of the PHPGurukul Hostel Management System. Contact the vendor for a corrected version or apply the necessary security measures to prevent XSS attacks in the register-complaint.php file.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-13577 is a cross-site scripting (XSS) vulnerability in PHPGurukul Hostel Management System version 2.1, allowing attackers to inject malicious scripts via the 'cdetails' parameter in /register-complaint.php.
If you are using PHPGurukul Hostel Management System version 2.1, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
Upgrade to a patched version of PHPGurukul Hostel Management System. If a patch is not available, implement input validation and output encoding on the 'cdetails' parameter and consider using a WAF.
While active campaigns are not confirmed, a proof-of-concept is publicly available, increasing the risk of exploitation.
Refer to the PHPGurukul website and security advisories for updates and information regarding CVE-2025-13577.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.