Lucene search
K
PhpgurukulHostel Management System

15 matches found

CVE
CVE
added 2020/10/08 12:32 p.m.75 views

CVE-2020-25270

CVE-2020-25270 affects PHPGurukul hostel-management-system version 2.1. It specifies a cross-site scripting (XSS) vulnerability via input fields in the Guardian section (Guardian Name, Guardian Relation, Guardian Contact no, Address, City) that can trigger script execution. Multiple connected sou...

5.4CVSS5.2AI score0.03185EPSS
CVE
CVE
added 2025/04/28 12:0 a.m.62 views

CVE-2025-45953

CVE-2025-45953 affects PHPGurukul Hostel Management System 2.1, in /hostel/change-password.php. Improper handling of session data enables a remote session-hijacking attack. Output confirms vulnerability details; no patch/version fix information is provided in the connected documents. Monitor for ...

9.1CVSS6.5AI score0.0036EPSS
CVE
CVE
added 2023/07/10 12:0 a.m.53 views

CVE-2023-36376

CVE-2023-36376 affects Hostel Management System v2.1. The vulnerability is a Cross-Site Scripting (XSS) issue where a crafted payload injected into the “add course” section can cause arbitrary web scripts/HTML to run in a victim’s browser. Documents consistently describe the flaw but do not provi...

4.8CVSS4.9AI score0.00588EPSS
CVE
CVE
added 2020/01/08 5:32 p.m.52 views

CVE-2020-5510

PHPGurukul Hostel Management System v2.0 is affected by an SQL injection in the full-profile.php file via the id parameter. The root cause is unsanitized external input allowing crafted SQL commands, potentially enabling data leakage or modification as described. Remediation and mitigations are m...

10CVSS9.7AI score0.02112EPSS
CVE
CVE
added 2021/12/01 7:14 p.m.45 views

CVE-2021-43137

CVE-2021-43137 affects the hostel management system version 2.1, with a Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability in the name field of my-profile.php . The connected PT-2021-23750 entry provides concrete details: exploiting the name field via my-profile.php ca...

8.8CVSS8.2AI score0.00512EPSS
CVE
CVE
added 2023/07/10 12:0 a.m.43 views

CVE-2023-36375

CVE-2023-36375 is an XSS vulnerability in Hostel Management System v2.1. The Red Hat and NVD entries describe a cross‑site scripting flaw that lets an attacker execute arbitrary code via a crafted payload in multiple fields on the Book Hostel & Room Details page, including Guardian name, Guardian...

5.4CVSS5.7AI score0.00873EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.42 views

CVE-2023-34647

The CVE-2023-34647 entry applies to PHPgurukl Hostel Management System v1.0, which is reported to be vulnerable to Cross-Site Scripting (XSS). Several connected sources attribute the issue to insufficient input filtering/escaping of untrusted data, enabling an attacker to inject and execute arbit...

6.1CVSS6.1AI score0.00358EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.40 views

CVE-2023-34652

CVE-2023-34652 affects PHPgurukl Hostel Management System v1.0 with a Cross-Site Scripting (XSS) vulnerability in the Add New Course feature. Descriptions across sources indicate a (stored) XSS risk that could affect users, with CVSS 3.1 base score 6.1 (MEDIUM) from NVD; user interaction required...

6.1CVSS6AI score0.00493EPSS
CVE
CVE
added 2023/07/10 12:0 a.m.34 views

CVE-2023-36939

CVE-2023-36939 affects the Hostel Management System v2.1. It is a Cross-Site Scripting (XSS) vulnerability where a crafted payload in the search booking field can lead to arbitrary code execution. Multiple connected sources corroborate the issue for the same version and field, with no official pa...

6.1CVSS5.8AI score0.00557EPSS
CVE
CVE
added 2025/06/17 2:0 a.m.32 views

CVE-2025-6153

CVE-2025-6153 concerns PHPGurukul Hostel Management System 1.0. The vulnerability is an SQL injection in the /admin/students.php script caused by manipulating the search_box parameter. Attacks are remote and the exploit has been publicly disclosed. Across sources, impact is indicated with high li...

9.8CVSS7.5AI score0.00421EPSS
Web
CVE
CVE
added 2025/06/17 2:31 a.m.26 views

CVE-2025-6155

PHPGurukul Hostel Management System 1.0 contains a SQL injection vulnerability in the /includes/login-hm.inc.php file, triggered by manipulating the Username parameter. The issue affects an unknown function in that file and can be exploited remotely; public disclosure of exploits is indicated. A ...

9.8CVSS7.5AI score0.00421EPSS
Web
CVE
CVE
added 2025/06/17 2:31 a.m.24 views

CVE-2025-6154

CVE-2025-6154 affects PHPGurukul Hostel Management System 1.0. The flaw resides in /includes/login.inc.php where manipulation of the student_roll_no parameter enables SQL injection. The issue can be triggered remotely and the exploit has been disclosed publicly. Connected sources corroborate a SQ...

9.8CVSS7.5AI score0.00421EPSS
Web
CVE
CVE
added 2025/11/24 1:32 a.m.23 views

CVE-2025-13577

The CVE-2025-13577 entry concerns PHPGurukul Hostel Management System 2.1, where the /register-complaint.php file’s cdetails parameter is vulnerable to cross-site scripting due to insufficient input filtering/escaping. Multiple connected sources (CNVD, RH/Red Hat, CNNVD, CVE listings) confirm rem...

5.4CVSS3.4AI score0.00189EPSS
CVE
CVE
added 2025/10/06 12:0 a.m.22 views

CVE-2025-28129

CVE-2025-28129 affects Phpgurukul Hostel Management System 2.1. The vulnerability is clickjacking: the product does not adequately protect against being embedded in an iframe, enabling an attacker to trick users into performing unintended actions. Root cause and details are documented in multiple...

5.4CVSS6.6AI score0.00202EPSS
CVE
CVE
added 2026/01/08 12:0 a.m.13 views

CVE-2025-63611

Summary: CVE-2025-63611 affects phpgurukul Hostel Management System v2.1. The issue is a stored XSS in the user-provided "Explain the Complaint" field submitted to /register-complaint.php, which is rendered unescaped in the admin view at /admin/complaint-details.php?cid=. When an administrator op...

8.7CVSS5.8AI score0.00261EPSS
Web