| शीर्षक | Yash Pokharna StudentManagementSystem 1.0 Stored Cross-Site Scripting |
|---|
| विवरण | The student.php script directly outputs student names (e.g., the FIRST_NAME field) retrieved from the database into an HTML <td> element without any sanitisation or encoding.
When combined with Vulnerability #2 (unauthorised data insertion), an attacker can insert a malicious JavaScript payload into the student name field. Subsequently, any user (including an administrator) who visits the student.php page will execute the embedded script, potentially leading to session hijacking, cookie theft, or privilege escalation. |
|---|
| स्रोत | ⚠️ https://github.com/yashpokharna2555/StudentManagementSystem/issues/4 |
|---|
| उपयोगकर्ता | P4tt0n (UID 74801) |
|---|
| सबमिशन | 27/04/2026 10:54 AM (1 महीना पहले) |
|---|
| संयम | 24/05/2026 11:06 AM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365452 [yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 /student.php FIRST_NAME क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|