CVE-2025-9834 MEDIUM

CVE-2025-9834: PHPGurukul Small CRM registration.php cross site scripting

Vendor Phpgurukul

Product Small CRM

Weakness CWE-79 · XSS

Published September 2, 2025

Last update September 3, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

September 2, 2025 CVE published

September 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9834

Related vulnerabilities

04Related CVE

CVE-2014-125034 stiiv contact_app View.php render cross site scripting CVE-2025-31902 WordPress Social Share And Social Locker Plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2018-19943 CVE-2026-4279 Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2026-32542 WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability