إرسال #600550: SourceCodester Student Result Management System 1.0 Stored Cross Site Scriptingالمعلومات

عنوانSourceCodester Student Result Management System 1.0 Stored Cross Site Scripting
الوصفA Stored Cross-Site Scripting (XSS) vulnerability was discovered in SRMS 1.0 within the "Manage Students" module. The application fails to properly sanitize user-supplied input in the First Name field. As a result, an attacker with access to the system can inject malicious JavaScript code, which will be persistently stored and executed whenever the students listing page is loaded. This poses a serious risk to administrative users and can be used to steal session cookies, perform unauthorized actions, or deface content. Vulnerability Type: Stored Cross-Site Scripting (XSS) Affected Application: Student Result Management System 1.0 (SRMS 1.0) Vulnerable Endpoint: /srms/script/admin/students Vulnerable Parameter: First Name Impact: Persistent execution of arbitrary JavaScript in the application context ???? Steps to Reproduce (PoC): 1 - Log in to the SRMS 1.0 application with valid administrative credentials. 2 - Navigate to: Students > Manage Students > /srms/script/admin/manage_students, then select a term or session. 3 - On the page /srms/script/admin/students, click the Edit button for an existing student record. 4 - In the First Name field, inject the following XSS payload (Copy and Paste): <script>alert('PoC VulDB SRMS')</script> Save the changes. 5 - Whenever the /srms/script/admin/students page is accessed, the injected JavaScript will execute in the browser context, confirming a Stored Cross-Site Scripting (XSS) vulnerability.
المصدر⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md
المستخدم
 RaulPACXXX (UID 84502)
ارسال19/06/2025 10:51 AM (1 سنة منذ)
الاعتدال21/06/2025 07:34 AM (2 days later)
الحالةتمت الموافقة
إدخال VulDB313583 [SourceCodester Student Result Management System 1.0 Manage Students manage_students البرمجة عبر المواقع]
النقاط20

Do you know our Splunk app?

Download it now for free!