| शीर्षक | Code-projects Student File Management System v1.0 Stored XSS vulnerability |
|---|
| विवरण | A storage-type XSS vulnerability was found in the "update_student.php" file of the "Student File Management System" project. Root Cause Because update_student.php does not escape, clean or parameterize the POST request data submitted by the student, when the attacker submits a malicious Payload in the firstname, lastname field (for example,"<img src=x onerror=alert(1)>"), the code does not block it and permanently stores it in the "student" table of the database. When “student.php” reads the malicious firstname, lastname data in the database, and “echo $fetch['firstname']、echo $fetch['lastname']” to an HTML page as-is, the browser will <script>treat the HTML tag and execute its content. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
|---|
| स्रोत | ⚠️ https://github.com/jjjjj-zr/jjjjjzr16/issues/1 |
|---|
| उपयोगकर्ता | jjzr (UID 93346) |
|---|
| सबमिशन | 12/12/2025 08:58 AM (4 महीनों पहले) |
|---|
| संयम | 13/12/2025 02:30 PM (1 day later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 336395 [code-projects Student File Management System 1.0 update_student.php क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|