Cross-Site Scripting Flaw in PHPGurukul Hostel Management System 2.1
CVE-2025-13577

5.1MEDIUM

Key Information:

Vendor

PHPgurukul
Status
Hostel Management System
Vendor
CVE Published:
24 November 2025

What is CVE-2025-13577?

A vulnerability has been identified in PHPGurukul Hostel Management System 2.1, specifically in the handling of parameters in the /register-complaint.php file. An attacker can exploit this flaw through crafted input in the cdetails argument, potentially leading to cross-site scripting (XSS) attacks. This security lapse allows for the execution of malicious scripts in the context of the victim's browser, which could lead to session hijacking or the unauthorized access of sensitive information. It is crucial for users of the system to apply mitigations as the exploit is publicly available.

Affected Version(s)

Hostel Management System 2.1

References

https://vuldb.com/?id.333341
vdb-entrytechnical-description
https://vuldb.com/?ctiid.333341
signaturepermissions-required
https://vuldb.com/?submit.698995
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

harun.tamokur (VulDB User)
JSON
.