Platform
php
Component
cves
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Student Record Management System version 1.0. User-supplied input to the /edit-subject.php file (the 'Subject 1' field) is not properly validated or encoded before it is written back into the page, so an attacker can inject script into the form. A public exploit exists, which raises the likelihood of exploitation. Mitigation centres on input validation and output encoding.
Successful exploitation of CVE-2026-3403 lets an attacker inject arbitrary JavaScript into the Student Record Management System. The script runs in the browser of any user who loads the affected page, with that user's session and privileges. The attacker could steal session cookies, redirect users to malicious sites, or deface the application. Because the injection point is reached over HTTP, the attacker does not need to be on the same network as the server; a victim does, however, still have to load the page that renders the injected content. Given the public availability of the exploit, the risk of exploitation is elevated.
CVE-2026-3403 is a publicly disclosed vulnerability with a known proof-of-concept. Its low CVSS score reflects the limited impact of a single reflected/stored XSS, but the public exploit increases the probability that it is used. No KEV listing or active exploitation campaign had been publicly reported as of the publication date. The vulnerability was publicly disclosed on 2026-03-02.
Exploit Status
EPSS: 0.03% (7th percentile)
CISA SSVC: not provided on this page
CVSS Vector: not provided on this page
The primary mitigation for CVE-2026-3403 is to upgrade to a fixed release of PHPGurukul Student Record Management System if the vendor provides one. Where an upgrade cannot be applied immediately, treat the following workaround as mandatory: validate the 'Subject 1' parameter in /edit-subject.php against an allow-list of what a subject name can legitimately contain (letters, digits, spaces and a small set of punctuation, with a length limit) rather than trying to block "bad" characters, and apply context-appropriate output encoding (htmlspecialchars with ENT_QUOTES for HTML text and attribute contexts) wherever the value is written back into the page, so the browser never interprets user-supplied data as markup or script. A web application firewall tuned to block common XSS payloads adds a further layer, but it is a compensating control and not a substitute for the code fix.
Update to a patched version of the student record management system. If a patched version is not available, validate input and encode output in edit-subject.php; stripping or "sanitizing" input on its own is not sufficient, because the encoding has to match the context in which the value is rendered.
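To make the validate-then-encode guidance concrete, here is an added example in PHP showing the vulnerable pattern beside a hardened version of the same form field. This is not PHPGurukul's code and not the published exploit: the parameter name `sub1`, the surrounding markup and the sample payload are all assumptions constructed for illustration; the page only names the 'Subject 1' field in /edit-subject.php.

```php
<?php
// Added example, not PHPGurukul code. Parameter name 'sub1', the markup and
// the payload below are assumptions; the page only names the 'Subject 1' field.
declare(strict_types=1);

/**
 * Allow-list validation for a subject name: letters, digits, spaces and a few
 * punctuation characters, at most 100 characters. Returns null on rejection.
 */
function validate_subject(string $value): ?string
{
    $value = trim($value);
    if ($value === '' || mb_strlen($value, 'UTF-8') > 100) {
        return null;
    }
    if (!preg_match('/^[\p{L}\p{N} .,&()\-\/]+$/u', $value)) {
        return null;
    }
    return $value;
}

/** Encode for an HTML text or double-quoted attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: the submitted value is reflected into the form unencoded. */
function render_vulnerable(array $post): string
{
    $sub1 = (string) ($post['sub1'] ?? '');
    return '<input type="text" name="sub1" value="' . $sub1 . '">';
}

/** Hardened pattern: validate on the way in, encode on the way out. */
function render_hardened(array $post): string
{
    $sub1 = validate_subject((string) ($post['sub1'] ?? ''));
    if ($sub1 === null) {
        // Reject rather than "clean up": a rejected value never reaches the page.
        return '<p class="error">Invalid subject name.</p>';
    }
    return '<input type="text" name="sub1" value="' . e($sub1) . '">';
}

// Constructed demonstration inputs (not the published exploit).
$attack = ['sub1' => '"><script>alert(document.cookie)</script>'];
$benign = ['sub1' => 'Data Structures & Algorithms'];

// Breaks out of the attribute and runs script in the viewer's browser.
echo render_vulnerable($attack), PHP_EOL;
// Rejected by the allow-list before rendering.
echo render_hardened($attack), PHP_EOL;
// Accepted, and the ampersand is encoded so the value stays inert.
echo render_hardened($benign), PHP_EOL;
```

The allow-list regular expression is the assumption most worth revisiting for a real deployment: widen it only to characters a subject name genuinely needs, and keep the output encoding in place regardless, since encoding is what protects the page if the validation rule is later loosened. If the value is also written into a JavaScript block or a URL, it needs the encoding for that context, not the HTML one.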
CVE-2026-3403 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Student Record Management System version 1.0, allowing attackers to inject malicious scripts via the /edit-subject.php file.
If you are using PHPGurukul Student Record Management System version 1.0, you are potentially affected by this vulnerability. Upgrade is highly recommended.
Upgrade to a patched version of the Student Record Management System. As a temporary workaround, implement input validation and output encoding on the 'Subject 1' parameter.
The exploit is publicly available, increasing the risk of exploitation. While no confirmed active campaigns are currently reported, vigilance is advised.
Refer to the PHPGurukul website or security mailing lists for official advisories and updates regarding CVE-2026-3403.