CVE-2025-9834

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 91.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Small CRM
Timeline
PublishedSep 2

Description

A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5phpgurukul/small_crm4.0

🔴Vulnerability Details

2
CVEList
PHPGurukul Small CRM registration.php cross site scripting2025-09-02
GHSA
GHSA-hm77-xmfq-6722: A flaw has been found in PHPGurukul Small CRM 42025-09-02
CVE-2025-9834 (MEDIUM CVSS 5.1) | A flaw has been found in PHPGurukul | cvebase.io