| शीर्षक | code-projects Coaching Management System in PHP Unknown Cross Site Scripting |
|---|
| विवरण | A stored cross-site scripting (XSS) vulnerability exists in the Coaching Management System in PHP. The issue affects the complaint submission and reply functionality.
A low-privileged user (student) can inject malicious JavaScript which is stored and executed when viewed by higher-privileged users such as administrators or teachers. This allows session hijacking due to missing HttpOnly protection on session cookies.
The vulnerability can be exploited to perform privilege escalation from student to administrator, resulting in full account takeover. The issue also exists in the reply functionality, allowing cross-role exploitation affecting multiple user roles. |
|---|
| स्रोत | ⚠️ https://github.com/Xmyronn/Stored-Cross-Site-Scripting-XSS-in-Coaching-Management-System.git |
|---|
| उपयोगकर्ता | imad alvi (UID 97088) |
|---|
| सबमिशन | 10/04/2026 06:29 PM (2 महीनों पहले) |
|---|
| संयम | 27/04/2026 05:37 PM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359822 [code-projects Coaching Management System 1.0 Complaint Form Page complaint.php क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|