Arijit Dirghangi

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal Project version 2.0 **Description** The PHPGurukul Online Shopping Portal Project contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. **Recommendations** As a temporary workaround, consider implementing CSRF protection measures, such as token-based validation, to prevent exploitation until a patch is available. Restrict access to sensitive user session data to minimize the risk of account takeover. Avoid using the vulnerable version of the PHPGurukul Online Shopping Portal Project until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.