Cross-Site Scripting Vulnerability in PHPGurukul Art Gallery Management System
CVE-2025-7767

3.5LOW

Key Information:

Vendor: PHPGurukul
Status: Art Gallery Management System
Vendor: CVE Published:; 18 July 2025

What is CVE-2025-7767?

A vulnerability has been identified in the PHPGurukul Art Gallery Management System, specifically in the '/admin/edit-art-medium-detail.php' file. This issue arises from improper handling of the argument 'artmed', which can lead to cross-site scripting (XSS) attacks. Malicious actors can exploit this vulnerability remotely, potentially allowing the execution of arbitrary scripts in the context of the user's browser session. Such vulnerabilities can compromise user data and session integrity, making it essential for users of the affected version to implement immediate security measures.

References

https://github.com/wanglu-cell/myCVE/issues/2

https://phpgurukul.com/

https://vuldb.com/?ctiid.316766

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2025