Submit #748328: code-projects Online Student Management System in PHP latest (no version specified by vendor) Cross-Site Scriptinginfo

Titelcode-projects Online Student Management System in PHP latest (no version specified by vendor) Cross-Site Scripting
BeschreibungA stored cross-site scripting (XSS) vulnerability exists in the Online Student Management System in PHP. Authenticated administrators can inject arbitrary JavaScript code via the announcement management module. The malicious payload is stored in the backend database and executed automatically when other users view the affected announcement, leading to potential session hijacking and unauthorized actions.
Quelle⚠️ https://github.com/baguette168/CVE/issues/1
Benutzer
 baguette168 (UID 94957)
Einreichung28.01.2026 16:49 (vor 3 Monaten)
Moderieren07.02.2026 09:28 (10 days later)
StatusAkzeptiert
VulDB Eintrag344858 [code-projects Online Student Management System 1.0 Announcement Management index.php?view=add Cross Site Scripting]
Punkte19

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!