Platform
php
Component
cves
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Student Record Management System, specifically affecting version 1.0. This vulnerability arises from improper handling of user input within the /edit-subject.php file, allowing attackers to inject malicious scripts. The exploit is publicly available, increasing the risk of exploitation. Mitigation strategies focus on input validation and output encoding.
Successful exploitation of CVE-2026-3403 allows an attacker to inject arbitrary JavaScript code into the Student Record Management System. This code can then be executed in the context of a user's browser when they access the affected page. The attacker could potentially steal session cookies, redirect users to malicious websites, or deface the application. The remote nature of the vulnerability means an attacker does not need to be on the same network as the server to exploit it. Given the public availability of the exploit, the risk of exploitation is elevated.
CVE-2026-3403 is a publicly disclosed vulnerability with a known proof-of-concept. The vulnerability's low CVSS score reflects the relatively limited impact, but the public exploit significantly increases the likelihood of exploitation. No KEV listing or active exploitation campaigns have been publicly reported as of the publication date. The vulnerability was publicly disclosed on 2026-03-02.
Organizations using PHPGurukul Student Record Management System version 1.0 are at risk. This includes educational institutions, training centers, and any entity utilizing this system for student record management. Shared hosting environments are particularly vulnerable, as a compromised account on one site could potentially impact other sites hosted on the same server.
• php / web: grep -r "Subject 1" /var/www/html/edit-subject.php
• php / web: curl -I "http://your-student-record-system.com/edit-subject.php?Subject%201=<script>alert(1)</script>"
• generic web: Examine access logs for requests to /edit-subject.php containing suspicious characters in the Subject 1 parameter.
• generic web: Check for unusual JavaScript code being injected into the Student Record Management System's pages.
disclosure
Exploit Status
EPSS
0.03% (percentile 7%)
CISA SSVC
The primary mitigation for CVE-2026-3403 is to upgrade to a patched version of PHPGurukul Student Record Management System. Since a fixed version isn't specified, immediate action is crucial. As a temporary workaround, implement strict input validation on the 'Subject 1' parameter in /edit-subject.php, rejecting any input containing potentially malicious characters. Additionally, apply robust output encoding to prevent the browser from interpreting user-supplied data as executable code. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of protection.
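As an added illustration of the workaround described above (this is example code, not PHPGurukul's own), the following PHP shows the unsafe reflection pattern next to a version that applies allow-list validation on the way in and HTML output encoding on the way out; the field name, the POST method and the form layout are assumptions.

```php
<?php
// Added example, not PHPGurukul's own code. Illustrates the two mitigations
// named in the advisory for the 'Subject 1' parameter of /edit-subject.php:
// allow-list input validation and HTML output encoding. Field name, POST
// method and form layout are assumptions.
declare(strict_types=1);

// PHP rewrites spaces (and dots) in request parameter names to underscores,
// so a form field named "Subject 1" arrives as $_POST['Subject_1'].
const SUBJECT_FIELD = 'Subject_1';

// Output encoding: escape for an HTML body or quoted-attribute context so the
// browser never parses user-supplied text as markup or script.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Input validation: accept only letters, digits, spaces and a few punctuation
// characters, at most 100 characters; return null for anything else.
// (mb_strlen needs the mbstring extension, which PHPGurukul already relies on.)
function validateSubject(string $raw): ?string
{
    $subject = trim($raw);
    if ($subject === '' || mb_strlen($subject, 'UTF-8') > 100) {
        return null;
    }
    return preg_match('/^[\p{L}\p{N} .,&()\'-]+$/u', $subject) === 1 ? $subject : null;
}

// Unsafe pattern (the bug class in the advisory): the raw parameter is
// reflected straight into the page, so markup in the input reaches the browser.
function renderSubjectFieldUnsafe(string $raw): string
{
    return '<input type="text" name="Subject 1" value="' . $raw . '">';
}

// Hardened pattern: validated on the way in, encoded on the way out.
function renderSubjectField(string $subject): string
{
    return '<input type="text" name="Subject 1" value="' . escapeHtml($subject) . '">';
}

$subject = validateSubject((string) ($_POST[SUBJECT_FIELD] ?? ''));
if ($subject === null) {
    http_response_code(400);
    exit('Invalid subject name.');
}
echo renderSubjectField($subject);
```

Encoding at output time is the control that actually stops the browser from executing injected markup; the allow-list is defence in depth and should be tuned to the subject names the institution really uses.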
Update to a patched version of the Student Record Management System. If no patched version is available, it is recommended to sanitize user input in the edit-subject.php file to prevent the execution of XSS code.
CVE-2026-3403 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Student Record Management System version 1.0, allowing attackers to inject malicious scripts via the /edit-subject.php file.
If you are using PHPGurukul Student Record Management System version 1.0, you are potentially affected by this vulnerability. Upgrade is highly recommended.
Upgrade to a patched version of the Student Record Management System. As a temporary workaround, implement input validation and output encoding on the 'Subject 1' parameter.
The exploit is publicly available, increasing the risk of exploitation. While no confirmed active campaigns are currently reported, vigilance is advised.
Refer to the PHPGurukul website or security mailing lists for official advisories and updates regarding CVE-2026-3403.
CVSS Vector