| Title | SourceCodester E-Learning System (CAIWL) 1.0 Stored HTML Injection Vulnerability |
|---|
| Description | A Stored HTML Injection vulnerability was discovered in the E-Learning System (CAIWL) v1.0. The application fails to properly sanitize user input in the Lesson Module description and title fields. This allows an authenticated attacker to inject arbitrary HTML tags into the application, which are then stored in the database and rendered by the browser when an administrator or user views the affected lesson. This vulnerability enables web defacement, content spoofing, and potential phishing attacks. |
|---|
| Source | ⚠️ https://gist.github.com/0xCaptainFahim/dada955760b424a851de12bccadee997 |
|---|
| User | 0xCaptainFahim (UID 86447) |
|---|
| Submission | 01/10/2026 07:57 AM (1 month ago) |
|---|
| Moderation | 01/18/2026 03:05 PM (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341747 [SourceCodester E-Learning System 1.0 Lesson index.php Title/Description cross site scripting] |
|---|
| Points | 20 |
|---|