| Title | SourceCodester E-Learning System (CAIWL) 1.0 Cross Site Scripting |
|---|---|
| Description | A Critical Stored Cross-Site Scripting (XSS) vulnerability was identified in the E-Learning System (CAIWL) v1.0 within the Lesson Module. The vulnerability arises from unrestricted file uploads that allow an attacker to upload malicious .svg (Scalable Vector Graphics) files containing embedded JavaScript. When an administrator or user views the uploaded file via the built-in viewer, the malicious script executes immediately in the victim's browser, leading to potential session hijacking and unauthorized administrative actions. |
| Source | https://gist.github.com/0xCaptainFahim/fb42f3545623bc4740761b085070076d |
| User | 0xCaptainFahim (UID 86447) |
| Submission | 01/10/2026 07:49 AM (1 month ago) |
| Moderation | 01/18/2026 03:03 PM (8 days later) |
| Status | Duplicate |
| VulDB entry | 296574 [SourceCodester E-Learning System 1.0 List of Lessons Page index.php unrestricted upload] |
| Points | 0 |