Primary

Context

PHPGurukul Art Gallery Management System Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in PHPGurukul Art Gallery Management System version 1.1. The issue resides in the file '/admin/edit-art-medium-detail.php', where the 'artmed' parameter is not properly validated or encoded before being output. This flaw allows attackers to inject malicious JavaScript, which can be executed in the context of the user viewing the page. The vulnerability could lead to session hijacking, data theft, and other security issues.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/edit-art-medium-detail.php' with the 'artmed' parameter containing the injected script, such as an image tag with an 'onerror' event.

Remediation

No specific remediation is known for this vulnerability.

Added: Jul 18, 2025, 1:22 AM

Updated: Jul 18, 2025, 1:22 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

3.5

exploitability

6.5

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

3.5

exploitability

6.5

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHPGurukul Art Gallery Management System Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

PHPGurukul Art Gallery Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating