CVE-2026-3403 PUBLISHED

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

• AS-AbdulSamad (VulDB User) reporter

• VDB-348298 | PHPGurukul Student Record Management System edit-subject.php cross site scripting
• VDB-348298 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #763324 | PHPGurukul Student Record Management System 1.0 Stored XSS in [/edit-subject.php] endpoint on [Subject 1] field
• https://github.com/AS-AbdulSamad/CVEs/issues/3
• https://phpgurukul.com/

• Cross Site Scripting CWE
• Code Injection CWE