CVE-2026-0730 | PHPGurukul Staff Leave Management System 1.0 SVG File adminviews.py ADD_STAFF/UPDATE_STAFF profile_pic cross site scripting

Inserito da Angelo Barbosa | Gen 8, 2026 | CVE

A vulnerability labeled as problematic has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profile_pic can lead to cross site scripting.

This vulnerability is handled as CVE-2026-0730. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-0730 | PHPGurukul Staff Leave Management System 1.0 SVG File adminviews.py ADD_STAFF/UPDATE_STAFF profile_pic cross site scripting

Post correlati

CVE-2024-8735 | MailMunch Plugin up to 3.1.8 on WordPress add_query_arg cross site scripting

CVE-2025-22137 | stonith404 pingvin-share up to 1.3.x HTTP POST Request improper authentication (GHSA-rjwx-p44f-mcrv)

CVE-2025-38584 | Linux Kernel up to 6.15.9/6.16.0 padata_reorder reference count

CVE-2024-23663 | Fortinet FortiExtender up to 7.0.4/7.2.4/7.4.2 HTTP access control (FG-IR-23-459)