15 matches found
CVE-2020-25270
CVE-2020-25270 affects PHPGurukul hostel-management-system version 2.1. It specifies a cross-site scripting (XSS) vulnerability via input fields in the Guardian section (Guardian Name, Guardian Relation, Guardian Contact no, Address, City) that can trigger script execution. Multiple connected sou...
CVE-2025-45953
CVE-2025-45953 affects PHPGurukul Hostel Management System 2.1, in /hostel/change-password.php. Improper handling of session data enables a remote session-hijacking attack. Output confirms vulnerability details; no patch/version fix information is provided in the connected documents. Monitor for ...
CVE-2023-36376
CVE-2023-36376 affects Hostel Management System v2.1. The vulnerability is a Cross-Site Scripting (XSS) issue where a crafted payload injected into the “add course” section can cause arbitrary web scripts/HTML to run in a victim’s browser. Documents consistently describe the flaw but do not provi...
CVE-2020-5510
PHPGurukul Hostel Management System v2.0 is affected by an SQL injection in the full-profile.php file via the id parameter. The root cause is unsanitized external input allowing crafted SQL commands, potentially enabling data leakage or modification as described. Remediation and mitigations are m...
CVE-2021-43137
CVE-2021-43137 affects the hostel management system version 2.1, with a Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability in the name field of my-profile.php . The connected PT-2021-23750 entry provides concrete details: exploiting the name field via my-profile.php ca...
CVE-2023-36375
CVE-2023-36375 is an XSS vulnerability in Hostel Management System v2.1. The Red Hat and NVD entries describe a cross‑site scripting flaw that lets an attacker execute arbitrary code via a crafted payload in multiple fields on the Book Hostel & Room Details page, including Guardian name, Guardian...
CVE-2023-34647
The CVE-2023-34647 entry applies to PHPgurukl Hostel Management System v1.0, which is reported to be vulnerable to Cross-Site Scripting (XSS). Several connected sources attribute the issue to insufficient input filtering/escaping of untrusted data, enabling an attacker to inject and execute arbit...
CVE-2023-34652
CVE-2023-34652 affects PHPgurukl Hostel Management System v1.0 with a Cross-Site Scripting (XSS) vulnerability in the Add New Course feature. Descriptions across sources indicate a (stored) XSS risk that could affect users, with CVSS 3.1 base score 6.1 (MEDIUM) from NVD; user interaction required...
CVE-2023-36939
CVE-2023-36939 affects the Hostel Management System v2.1. It is a Cross-Site Scripting (XSS) vulnerability where a crafted payload in the search booking field can lead to arbitrary code execution. Multiple connected sources corroborate the issue for the same version and field, with no official pa...
CVE-2025-6153
CVE-2025-6153 concerns PHPGurukul Hostel Management System 1.0. The vulnerability is an SQL injection in the /admin/students.php script caused by manipulating the search_box parameter. Attacks are remote and the exploit has been publicly disclosed. Across sources, impact is indicated with high li...
CVE-2025-6155
PHPGurukul Hostel Management System 1.0 contains a SQL injection vulnerability in the /includes/login-hm.inc.php file, triggered by manipulating the Username parameter. The issue affects an unknown function in that file and can be exploited remotely; public disclosure of exploits is indicated. A ...
CVE-2025-6154
CVE-2025-6154 affects PHPGurukul Hostel Management System 1.0. The flaw resides in /includes/login.inc.php where manipulation of the student_roll_no parameter enables SQL injection. The issue can be triggered remotely and the exploit has been disclosed publicly. Connected sources corroborate a SQ...
CVE-2025-13577
The CVE-2025-13577 entry concerns PHPGurukul Hostel Management System 2.1, where the /register-complaint.php file’s cdetails parameter is vulnerable to cross-site scripting due to insufficient input filtering/escaping. Multiple connected sources (CNVD, RH/Red Hat, CNNVD, CVE listings) confirm rem...
CVE-2025-28129
CVE-2025-28129 affects Phpgurukul Hostel Management System 2.1. The vulnerability is clickjacking: the product does not adequately protect against being embedded in an iframe, enabling an attacker to trick users into performing unintended actions. Root cause and details are documented in multiple...
CVE-2025-63611
Summary: CVE-2025-63611 affects phpgurukul Hostel Management System v2.1. The issue is a stored XSS in the user-provided "Explain the Complaint" field submitted to /register-complaint.php, which is rendered unescaped in the admin view at /admin/complaint-details.php?cid=. When an administrator op...