Submit #600550: SourceCodester Student Result Management System 1.0 Stored Cross Site Scriptinginfo

TitelSourceCodester Student Result Management System 1.0 Stored Cross Site Scripting
BeschreibungA Stored Cross-Site Scripting (XSS) vulnerability was discovered in SRMS 1.0 within the "Manage Students" module. The application fails to properly sanitize user-supplied input in the First Name field. As a result, an attacker with access to the system can inject malicious JavaScript code, which will be persistently stored and executed whenever the students listing page is loaded. This poses a serious risk to administrative users and can be used to steal session cookies, perform unauthorized actions, or deface content. Vulnerability Type: Stored Cross-Site Scripting (XSS) Affected Application: Student Result Management System 1.0 (SRMS 1.0) Vulnerable Endpoint: /srms/script/admin/students Vulnerable Parameter: First Name Impact: Persistent execution of arbitrary JavaScript in the application context ???? Steps to Reproduce (PoC): 1 - Log in to the SRMS 1.0 application with valid administrative credentials. 2 - Navigate to: Students > Manage Students > /srms/script/admin/manage_students, then select a term or session. 3 - On the page /srms/script/admin/students, click the Edit button for an existing student record. 4 - In the First Name field, inject the following XSS payload (Copy and Paste): <script>alert('PoC VulDB SRMS')</script> Save the changes. 5 - Whenever the /srms/script/admin/students page is accessed, the injected JavaScript will execute in the browser context, confirming a Stored Cross-Site Scripting (XSS) vulnerability.
Quelle⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md
Benutzer
 RaulPACXXX (UID 84502)
Einreichung19.06.2025 10:51 (vor 1 Jahr)
Moderieren21.06.2025 07:34 (2 days later)
StatusAkzeptiert
VulDB Eintrag313583 [SourceCodester Student Result Management System 1.0 Manage Students manage_students Cross Site Scripting]
Punkte20

Want to know what is going to be exploited?

We predict KEV entries!