Submit #786028: Cyber-III Student-Management-System 1.0 XSS vulnerability

Title: Cyber-III Student-Management-System 1.0 XSS vulnerability
Description: The class schedule deletion endpoint /admin/class schedule/delete_batch.php lacks proper administrator permission checks (unauthorized access vulnerability). Additionally, the batch parameter from the POST request is directly concatenated into the HTML response without any HTML escaping (e.g., htmlspecialchars), leading to a reflected Cross-Site Scripting (XSS) vulnerability.
Source: https://github.com/Cyber-III/Student-Management-System/issues/242
User: zsmaaa (UID 93294)
Submission: 23.03.2026 08:21 (25 days ago)
Moderation: 06.04.2026 10:14 (14 days later)
Status: Accepted
VulDB entry: 355493 [Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f Class Schedule Deletion Endpoint delete_batch.php batch Cross Site Scripting]
Points: 20
