| शीर्षक | SourceCodester Student Result Management System 1.0 Stored Cross Site Scripting |
|---|
| विवरण | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SRMS 1.0 within the "Manage Students" module. The application fails to properly sanitize user-supplied input in the First Name field. As a result, an attacker with access to the system can inject malicious JavaScript code, which will be persistently stored and executed whenever the students listing page is loaded. This poses a serious risk to administrative users and can be used to steal session cookies, perform unauthorized actions, or deface content.
Vulnerability Type: Stored Cross-Site Scripting (XSS)
Affected Application: Student Result Management System 1.0 (SRMS 1.0)
Vulnerable Endpoint: /srms/script/admin/students
Vulnerable Parameter: First Name
Impact: Persistent execution of arbitrary JavaScript in the application context
???? Steps to Reproduce (PoC):
1 - Log in to the SRMS 1.0 application with valid administrative credentials.
2 - Navigate to: Students > Manage Students > /srms/script/admin/manage_students, then select a term or session.
3 - On the page /srms/script/admin/students, click the Edit button for an existing student record.
4 - In the First Name field, inject the following XSS payload (Copy and Paste):
<script>alert('PoC VulDB SRMS')</script>
Save the changes.
5 - Whenever the /srms/script/admin/students page is accessed, the injected JavaScript will execute in the browser context, confirming a Stored Cross-Site Scripting (XSS) vulnerability. |
|---|
| स्रोत | ⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md |
|---|
| उपयोगकर्ता | RaulPACXXX (UID 84502) |
|---|
| सबमिशन | 19/06/2025 10:51 AM (1 वर्ष पहले) |
|---|
| संयम | 21/06/2025 07:34 AM (2 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 313583 [SourceCodester Student Result Management System 1.0 Manage Students manage_students क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|