This page lists publicly disclosed CVE vulnerabilities affecting phpgurukul hostel_management_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-63611 | Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser. | [email protected] | 8.7 | 0.03% | 2026-01-08 | 2026-01-12 |
| CVE-2025-13577 | A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. | [email protected] | 2.0 | 0.03% | 2025-11-24 | 2026-04-29 |
| CVE-2025-28129 | Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. | [email protected] | 5.4 | 0.03% | 2025-10-06 | 2025-10-21 |
| CVE-2025-6155 | A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.20% | 2025-06-17 | 2026-04-29 |
| CVE-2025-6154 | A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.20% | 2025-06-17 | 2026-04-29 |
| CVE-2025-6153 | A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.20% | 2025-06-17 | 2026-04-29 |
| CVE-2025-45953 | A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely | [email protected] | 9.1 | 0.19% | 2025-04-28 | 2025-04-30 |
| CVE-2023-36939 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. | [email protected] | 6.1 | 0.17% | 2023-07-10 | 2024-11-21 |
| CVE-2023-36375 | Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page. | [email protected] | 5.4 | 0.17% | 2023-07-10 | 2025-11-11 |
| CVE-2023-36376 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. | [email protected] | 4.8 | 0.07% | 2023-07-10 | 2024-11-21 |
| CVE-2023-34647 | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | [email protected] | 6.1 | 0.26% | 2023-06-28 | 2024-11-21 |
| CVE-2023-34652 | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. | [email protected] | 6.1 | 0.30% | 2023-06-28 | 2024-11-21 |
| CVE-2021-43137 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. | [email protected] | 8.8 | 0.13% | 2021-12-01 | 2024-11-21 |
| CVE-2020-25270 | PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | [email protected] | 5.4 | 0.28% | 2020-10-08 | 2024-11-21 |
| CVE-2020-5510 | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | [email protected] | 9.8 | 0.32% | 2020-01-08 | 2025-11-11 |