| Field | Value |
|---|---|
| Title | sourcecodester Student Grades Management System 1.0 Improper Input Validation |
| Description | The "Student Grades Management System" application stores user-supplied input (first name / last name / other profile fields) in the database and later outputs the values directly into HTML pages without escaping. An attacker with the ability to create or edit a user (e.g., via the admin UI or signup) can store JavaScript that executes in the browser of any admin/teacher who views the user list or dashboard. This is a stored XSS — critical because it can lead to admin session theft, user takeover, CSRF actions, or full account takeover when combined with other site behaviors. |
| Source | https://github.com/sidzeroday/sourcecodester_cve/blob/main/README.md |
| User | sidzeroday (UID 90256) |
| Submitted | 2025-10-02 11:37 (7 months ago) |
| Moderation | 2025-10-08 12:21 (6 days later) |
| Status | Accepted |
| VulDB entry | 327602 [SourceCodester Student Grades Management System 1.0 Manage Users Page /admin.php add_user first_name/last_name cross site scripting] |
| Points | 20 |
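The description above comes down to one pattern: a profile field is written to the database as-is and later concatenated into HTML without an encoder. The following PHP is an added illustration, not code from the Student Grades Management System or from the submitter's repository; the function names (`render_user_row_unescaped`, `render_user_row_escaped`, `h`, `validate_name`) and the `$users` rows are constructed for the example, and the rows stand in for what the application would read back from its `users` table. It shows the vulnerable rendering beside a hardened version that applies output encoding, plus an input check that keeps markup out of the name fields in the first place.

```php
<?php
// Added example, not the application's own code. $users is a constructed
// sample standing in for rows read back from the database.
declare(strict_types=1);

// Constructed sample rows. The second first_name is the kind of value that,
// once stored, would run in the browser of anyone viewing the user list.
$users = [
    ['id' => 1, 'first_name' => 'Alice', 'last_name' => 'Smith'],
    ['id' => 2, 'first_name' => '<script>alert(1)</script>', 'last_name' => 'Jones'],
];

// Vulnerable rendering: the stored value is concatenated straight into the page,
// so any markup it contains is interpreted by the viewer's browser.
function render_user_row_unescaped(array $user): string
{
    return '<tr><td>' . $user['first_name'] . '</td><td>' . $user['last_name'] . '</td></tr>';
}

// HTML-context encoder. ENT_QUOTES also makes the result safe inside quoted
// attributes; ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened rendering: every untrusted value passes through the encoder at the
// point where it enters the HTML. This is the control that stops stored XSS.
function render_user_row_escaped(array $user): string
{
    return '<tr><td>' . h($user['first_name']) . '</td><td>' . h($user['last_name']) . '</td></tr>';
}

// Defence in depth on the write side (add_user / edit_user handlers): accept only
// values that look like a person's name, so the database never holds markup.
// Validation narrows the attack surface; output encoding remains mandatory.
function validate_name(string $name): bool
{
    return $name !== ''
        && mb_strlen($name) <= 64
        && preg_match('/^[\p{L}\p{M}\' .-]+$/u', $name) === 1;
}

foreach ($users as $user) {
    echo "unescaped: " . render_user_row_unescaped($user) . "\n";
    echo "escaped:   " . render_user_row_escaped($user) . "\n";
    echo "first_name validation: " . (validate_name($user['first_name']) ? 'ok' : 'rejected') . "\n\n";
}
```

Run with `php example.php`: the unescaped line for the second row emits a literal `<script>` tag, while the escaped line emits `&lt;script&gt;...`, which the browser renders as text. The validation step rejects that row outright, but it is the encoder in `render_user_row_escaped` that would have protected the admin and teacher views described in the submission even if a malicious value had already reached the database.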