| शीर्षक | SourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Cross Site Scripting |
|---|
| विवरण | The student self-registration portal in CET Automated Grading System 1.0 fails to sanitize or encode user-supplied input before storing it in the database. An unauthenticated attacker can register a student account with JavaScript payloads injected into any registration field. The malicious payload is stored in the database and executes in the browser of any administrator who visits the dashboard where enrolled students are listed.
This is a critical attack chain — no authentication is required to inject the payload, but it executes in a privileged admin context, enabling session cookie theft and full admin account takeover. |
|---|
| स्रोत | ⚠️ https://github.com/Xmyronn/Stored-XSS-in-CET-Automated-Grading-System-Student-Registration-Unauthenticated-Admin-Dashboard-.git |
|---|
| उपयोगकर्ता | imad alvi (UID 97088) |
|---|
| सबमिशन | 13/04/2026 01:20 PM (2 महीनों पहले) |
|---|
| संयम | 29/04/2026 01:41 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360133 [SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php?action=register क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|