Cross-Site Scripting Vulnerability in PHPGurukul Notice Board System
CVE-2025-6301

4.8MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Notice Board System
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-6301?

A cross-site scripting (XSS) vulnerability exists in the PHPGurukul Notice Board System version 1.0, specifically in the file /admin/manage-notices.php, which incorrectly handles user input for the Title and Description arguments. This flaw allows an attacker to inject malicious scripts that can be executed in the context of the user’s session when these inputs are processed. As this vulnerability can be exploited remotely, it poses a significant risk to users of the system, potentially leading to unauthorized information disclosure or manipulation of user sessions.

Affected Version(s)

Notice Board System 1.0

References

https://vuldb.com/?id.313301

vdb-entrytechnical-description

https://vuldb.com/?ctiid.313301

signaturepermissions-required

https://vuldb.com/?submit.595373

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Anzil (VulDB User)

PHPgurukul

What is CVE-2025-6301?

Affected Version(s)

References

CVSS V4

Timeline

Credit