Platform: php
Component: cves
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Student Record Management System versions up to 1.0. This flaw allows attackers to inject malicious scripts into the application via manipulation of the 'Course Short Name' parameter within the /edit-course.php file. Successful exploitation could lead to session hijacking or other malicious actions, impacting users of the system. The vulnerability was publicly disclosed on 2026-03-02 and mitigation focuses on patching.
The XSS vulnerability in PHPGurukul Student Record Management System allows an attacker to inject arbitrary JavaScript code into the application's web pages. That code is then executed in the context of a victim's browser when the victim visits a compromised page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The attack is remotely exploitable, meaning an attacker does not need to be on the same network as the server. Given the nature of XSS, the potential impact extends to any user interacting with the vulnerable page, potentially compromising sensitive data or system access.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The exploit is relatively straightforward, making it accessible to a wide range of attackers. No KEV listing or EPSS score is currently available. Public proof-of-concept code may emerge, further accelerating exploitation attempts. The vulnerability was disclosed on 2026-03-02.
Exploit Status
EPSS: 0.03% (7th percentile)
CISA SSVC
The primary mitigation for CVE-2026-3402 is to upgrade to a patched version of PHPGurukul Student Record Management System. Since a fixed version is not specified, thoroughly review the vendor's security advisories and release notes for the latest updates. As a temporary workaround, implement strict input validation and output encoding on the 'Course Short Name' parameter in /edit-course.php to sanitize user-supplied data. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly scan the application for XSS vulnerabilities using automated tools.
Update to a patched version of the PHPGurukul Student Record Management System. If a patched version is not available, it is recommended to sanitize user input in the edit-course.php file, especially the 'Course Short Name' argument, to prevent XSS code execution. A content security policy (CSP) can also be implemented to mitigate the risk.
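The workaround described above (validate the input, encode it at the point of output, and add a CSP as a second layer) looks roughly like this in PHP. This is an added example, not PHPGurukul's own edit-course.php code; the form field name `shortname`, the length limit and the CSP source lists are assumptions and must be adapted to the real application.

```php
<?php
// Added example (not PHPGurukul code): hardened handling of a course short name
// in an edit-course style form. The field name 'shortname' and the 20-character
// limit are hypothetical choices for illustration.

declare(strict_types=1);

// Second line of defence: a Content Security Policy that refuses inline scripts,
// so an encoding mistake elsewhere is far harder to turn into script execution.
// Source lists are an assumption; adjust them to the application's real asset origins.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");

// Input validation: a course short name is a small token of letters, digits,
// '-' and '_'. Angle brackets, quotes and other markup characters are rejected
// outright rather than "cleaned".
function validateShortName(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > 20) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $value)) {
        return null;
    }
    return $value;
}

// Output encoding: every dynamic value rendered into HTML passes through
// htmlspecialchars with ENT_QUOTES, so it is safe in both attribute and
// text contexts. Validation alone is not enough, because values already
// stored before the fix may still contain markup.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern, shown for contrast: the stored value is echoed unencoded
// into an attribute, so a quote in the value closes the attribute early.
function renderUnsafe(string $shortName): string
{
    return '<input type="text" name="shortname" value="' . $shortName . '">';
}

// Hardened pattern: the same template, encoded at the point of output.
function renderSafe(string $shortName): string
{
    return '<input type="text" name="shortname" value="' . h($shortName) . '">';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $shortName = validateShortName((string)($_POST['shortname'] ?? ''));
    if ($shortName === null) {
        http_response_code(400);
        echo '<p>Course short name must be 1-20 characters: letters, digits, - or _.</p>';
        exit;
    }
    // Persist $shortName with a prepared statement (database code omitted here).
}

// Constructed sample value: a quote followed by a tag, the shape of input that
// breaks out of the attribute in renderUnsafe(). Encoded, it stays inert text.
$stored = '"><em>injected</em>';
echo renderSafe($stored);
// Emits: <input type="text" name="shortname" value="&quot;&gt;&lt;em&gt;injected&lt;/em&gt;">
```

The encoding happens in the rendering function rather than before storage, so the database keeps the value the user typed and every output context is protected independently; the validation step then narrows what can be stored in the first place, and the CSP limits the damage if either layer is bypassed.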
CVE-2026-3402 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Student Record Management System versions up to 1.0, allowing attackers to inject malicious scripts via the 'Course Short Name' parameter.
If you are using PHPGurukul Student Record Management System version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of PHPGurukul Student Record Management System. Review vendor advisories for the latest updates and implement input validation as a temporary workaround.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems for suspicious activity and implement mitigation strategies.
Consult the PHPGurukul website and security advisories for the official advisory regarding CVE-2026-3402.