Clickjacking Vulnerability in Phpgurukul Hostel Management System by Phpgurukul
CVE-2025-28129

5.4MEDIUM

Key Information:

Vendor: Phpgurukul
Status: Hostel Management System
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-28129?

The Phpgurukul Hostel Management System 2.1 is exposed to clickjacking attacks, which can allow malicious users to manipulate a user’s clicks on their web browser. This vulnerability enables an attacker to present an invisible or opaque layer over legitimate content, tricking users into unwittingly performing actions that could compromise their accounts or data. It is crucial for users of this system to implement protective measures, such as the x-frame-options header, to mitigate the risks associated with clickjacking.

References

https://github.com/NullMinds/CVE-Hunting/blob/main/Hostel...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Mar 11, 2025

JSON