| Título | sourcecodester Student Grades Management System 1.0 Improper Input Validation |
|---|
| Descripción | The "Student Grades Management System" application stores user-supplied input (first name / last name / other profile fields) in the database and later outputs the values directly into HTML pages without escaping. An attacker with the ability to create or edit a user (e.g., via the admin UI or signup) can store JavaScript that executes in the browser of any admin/teacher who views the user list or dashboard. This is a stored XSS — critical because it can lead to admin session theft, user takeover, CSRF actions, or full account takeover when combined with other site behaviors. |
|---|
| Fuente | ⚠️ https://github.com/sidzeroday/sourcecodester_cve/blob/main/README.md |
|---|
| Usuario | sidzeroday (UID 90256) |
|---|
| Sumisión | 2025-10-02 11:37 (hace 7 meses) |
|---|
| Moderación | 2025-10-08 12:21 (6 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 327602 [SourceCodester Student Grades Management System 1.0 Manage Users Page /admin.php add_user first_name/last_name secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|