CVE-2026-3403 - Vulnerability Details

- PHPGurukul Student Record Management System edit-subject.php cross site scripting

Description

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Published: 2026-03-02

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in PHPGurukul Student Record Management System 1.0 arises from improper handling of the Subject 1 argument in edit‑subject.php, allowing attackers to inject malicious scripts into web pages. This reflected cross‑site scripting can enable session hijacking, defacement, or theft of user credentials and is linked to CWE‑79 for reflected XSS and CWE‑94 for code injection potential. The issue is exploitable remotely via the web interface and the exploit code is publicly available.

Affected Systems

The affected product is PHPGurukul Student Record Management System version 1.0, deployed by the PHPGurukul vendor. No other product versions are listed as vulnerable.

Risk and Exploitability

The CVSS score of 4.8 denotes a moderate severity, while the EPSS score of less than 1% indicates a very low likelihood of exploitation at this time. The risk is not elevated by inclusion in the CISA KEV catalog. Attackers can manipulate the Subject 1 parameter through typical web requests to trigger reflected script execution, making remote exploitation feasible but not widespread.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

PHPGurukul

Student Record Management System

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:phpgurukul:student_record_system:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Phpgurukul

Student Record Management System

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a patched release of the PHPGurukul Student Record Management System when available.
Apply server‑side input validation and output encoding to the Subject 1 parameter to neutralize reflected XSS.
Implement a content security policy and/or Web Application Firewall to block malicious script insertion attempts.

Generated by OpenCVE AI on April 16, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/AS-AbdulSamad/CVEs/issues/3
https://phpgurukul.com/
https://vuldb.com/?ctiid.348298
https://vuldb.com/?id.348298
https://vuldb.com/?submit.763324

History

Tue, 03 Mar 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phpgurukul student Record System
CPEs		cpe:2.3:a:phpgurukul:student_record_system:1.0:::::::*
Vendors & Products		Phpgurukul student Record System

Mon, 02 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 02 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phpgurukul Phpgurukul student Record Management System
Vendors & Products		Phpgurukul Phpgurukul student Record Management System

Mon, 02 Mar 2026 01:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Title		PHPGurukul Student Record Management System edit-subject.php cross site scripting
Weaknesses		CWE-79 CWE-94
References		https://github.com/AS-AbdulSamad/CVEs/issues/3 https://phpgurukul.com/ https://vuldb.com/?ctiid.348298 https://vuldb.com/?id.348298 https://vuldb.com/?submit.763324
Metrics		cvssV2_0 `{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Phpgurukul Student Record Management System Student Record System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-02T01:02:09.369Z

Updated: 2026-03-02T18:50:17.761Z

Reserved: 2026-03-01T06:49:35.098Z

Link: CVE-2026-3403

Vulnrichment

Updated: 2026-03-02T18:50:11.446Z

NVD

Status : Analyzed

Published: 2026-03-02T02:16:18.753

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3403

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object