Platform
php
Component
cves
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Student Record Management System versions up to 1.0. This flaw allows attackers to inject malicious scripts into the application via manipulation of the 'Course Short Name' parameter within the /edit-course.php file. Successful exploitation could lead to session hijacking or other malicious actions, impacting users of the system. The vulnerability was publicly disclosed on 2026-03-02 and mitigation focuses on patching.
The XSS vulnerability in PHPGurukul Student Record Management System allows an attacker to inject arbitrary JavaScript code into the application's web pages. This code can then be executed in the context of a victim's browser when they visit a compromised page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The attack is remotely exploitable, meaning an attacker doesn't need to be on the same network as the server. Given the nature of XSS, the potential impact extends to any user interacting with the vulnerable page, potentially compromising sensitive data or system access.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The exploit is relatively straightforward, making it accessible to a wide range of attackers. No KEV listing or EPSS score is currently available. Public proof-of-concept code may emerge, further accelerating exploitation attempts. The vulnerability was disclosed on 2026-03-02.
Organizations using PHPGurukul Student Record Management System version 1.0, particularly those with publicly accessible instances, are at risk. Shared hosting environments where multiple users share the same server instance are also at increased risk, as an attacker could potentially compromise other users' accounts through this vulnerability.
• php / web:
grep -r "/edit-course.php" /var/www/html/
• php / web:
curl -sS -I -G 'http://your-student-record-system.com/edit-course.php' --data-urlencode 'Course Short Name=<script>alert(1)</script>'
• generic web:
curl -sS -G 'http://your-student-record-system.com/edit-course.php' --data-urlencode 'Course Short Name=<script>alert(1)</script>' | grep -i 'script'
disclosure
Exploit status
EPSS
0.03% (7th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-3402 is to upgrade to a patched version of PHPGurukul Student Record Management System. Since a fixed version is not specified, thoroughly review the vendor's security advisories and release notes for the latest updates. As a temporary workaround, implement strict input validation and output encoding on the 'Course Short Name' parameter in /edit-course.php to sanitize user-supplied data. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly scan the application for XSS vulnerabilities using automated tools.
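As an added example (not PHPGurukul's code), this is the input-validation plus output-encoding pattern the mitigation paragraph above recommends, applied to a form field like the 'Course Short Name' one in edit-course.php, with a Content-Security-Policy header as defence in depth. The field name `courseshortname`, the validation policy and the surrounding markup are assumptions; the real file may use different names.

```php
<?php
// Added example, not the vendor's code. Assumes a form field named
// "courseshortname" that round-trips the 'Course Short Name' value into an
// HTML attribute; the real edit-course.php may use other names.

declare(strict_types=1);

// Output encoding: every dynamic value reaches HTML only through this helper.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Input validation: a course short name is a short token, not markup.
// Returns null when the value is not acceptable (policy is an assumption).
function validateCourseShortName(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = trim($raw);
    if ($value === '' || strlen($value) > 20) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9 ._-]+$/', $value)) {
        return null;
    }
    return $value;
}

// Defence in depth: a CSP that disallows inline scripts, so a reflected payload
// that slips past encoding still does not execute. Must be sent before output.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");

$shortName = validateCourseShortName($_POST['courseshortname'] ?? null);
if (isset($_POST['courseshortname']) && $shortName === null) {
    http_response_code(400);
    exit('Invalid course short name.');
}

// VULNERABLE pattern (the flaw this advisory describes): raw echo of input.
//   echo '<input name="courseshortname" value="' . $_POST['courseshortname'] . '">';
//
// FIXED pattern: validated on the way in, encoded on the way out.
?>
<input type="text" name="courseshortname" value="<?= e($shortName ?? '') ?>">
```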
Update to a patched version of PHPGurukul Student Record Management System. If no patched version is available, it is recommended to sanitize user input in the file edit-course.php, especially the 'Course Short Name' argument, to prevent XSS code execution. A Content Security Policy (CSP) can also be applied to reduce the risk.
CVE-2026-3402 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Student Record Management System versions up to 1.0, allowing attackers to inject malicious scripts via the 'Course Short Name' parameter.
If you are using PHPGurukul Student Record Management System version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of PHPGurukul Student Record Management System. Review vendor advisories for the latest updates and implement input validation as a temporary workaround.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems for suspicious activity and implement mitigation strategies.
Consult the PHPGurukul website and security advisories for the official advisory regarding CVE-2026-3402.