| Field | Value |
|---|---|
| Title | Fabian Ros Student Information System In PHP With Source Code November 2, 2025 Cross Site Scripting |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Student Information System (version uploaded on November 2, 2025) allow remote attackers to execute arbitrary JavaScript in the context of a victim's browser via multiple vectors.<br>Stored XSS: the profile-editing function in /profile.php does not sanitize the firstname and lastname parameters before storing them in the database. The stored script executes whenever any user, including administrators, views the affected profile, for example on the /searchresults.php page.<br>Reflected XSS: the search function in /searchresults.php does not encode the searchbox GET parameter before echoing it. An attacker can craft a URL that executes a script when a victim opens it, enabling session hijacking or unauthorized actions.<br>Both flaws stem from missing output encoding and input sanitization and could allow attackers to steal session cookies or perform actions on behalf of the victim. |
| Source | https://github.com/i4G5d/CRITICAL-SECURITY-VULNERABILITY-REPORT-Stored-XSS |
| User | i4g5d (UID 92060) |
| Submitted | 2025. 12. 20. PM 04:56 (4 months ago) |
| Moderation | 2025. 12. 23. PM 03:33 (3 days later) |
| Status | Accepted |
| VulDB Entry | 337858 [code-projects Student Information System 1.0 /profile.php firstname/lastname cross site scripting] |
| Points | 20 |
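The description above names two sinks (stored firstname/lastname values rendered on /searchresults.php, and the echoed searchbox GET parameter) and one root cause: data is written into HTML without output encoding. The following added example, which is not code from the Student Information System project or from the reporter, shows the vulnerable rendering pattern beside a hardened version that encodes every interpolated value with htmlspecialchars, plus a server-side validation check for the profile fields. The function names, the in-memory row array and the sample strings are all constructed for this demonstration; it assumes PHP 8 or later.

```php
<?php
// Added example (not code from the Student Information System project).
// Demonstrates the output-encoding fix for the two XSS sinks named in the
// report: firstname/lastname values stored via /profile.php and the searchbox
// GET parameter echoed by /searchresults.php. Function names and the
// in-memory "database" below are constructed for this demonstration.
declare(strict_types=1);

// Vulnerable pattern: untrusted data is concatenated straight into HTML.
// This mirrors the root cause described in the report; kept here only to
// contrast with the fixed version.
function render_search_results_vulnerable(string $searchbox, array $rows): string
{
    $html = '<p>Results for: ' . $searchbox . '</p><ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . $row['firstname'] . ' ' . $row['lastname'] . '</li>';
    }
    return $html . '</ul>';
}

// HTML-context encoder: every value placed between tags or inside a quoted
// attribute passes through here. ENT_QUOTES also encodes the single quote,
// so the same helper is safe inside single-quoted attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: same page, every interpolation encoded at output time.
function render_search_results_fixed(string $searchbox, array $rows): string
{
    $html = '<p>Results for: ' . e($searchbox) . '</p><ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . e($row['firstname']) . ' ' . e($row['lastname']) . '</li>';
    }
    return $html . '</ul>';
}

// Input-side check for /profile.php (defense in depth, not a substitute for
// output encoding): names are bounded in length and character class, so a
// stored value cannot carry markup even if some later template forgets e().
function validate_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}\' .-]{1,64}$/u', $name) === 1;
}

// Constructed sample data: a stored profile and a search term that both
// contain markup characters, standing in for attacker-controlled input.
$rows = [
    ['firstname' => '<b>Jane</b>', 'lastname' => 'O\'Neil "QA"'],
];
$searchbox = '<i>marker</i> & "quotes"';

$vuln  = render_search_results_vulnerable($searchbox, $rows);
$fixed = render_search_results_fixed($searchbox, $rows);

// The vulnerable output still contains raw tags; the fixed one contains none.
assert(str_contains($vuln, '<b>Jane</b>'));
assert(!str_contains($fixed, '<b>'));
assert(str_contains($fixed, '&lt;b&gt;Jane&lt;/b&gt;'));
assert(str_contains($fixed, 'O&apos;Neil &quot;QA&quot;'));
assert(str_contains($fixed, '&lt;i&gt;marker&lt;/i&gt; &amp; &quot;quotes&quot;'));
assert(validate_name("Jane O'Neil") === true);
assert(validate_name('<b>Jane</b>') === false);

echo $fixed, PHP_EOL;
```

Run it with `php example.php`; the assertions pass when the encoded output contains no raw angle brackets or quotes. The encoder is applied at the point of output rather than at storage time, which is the fix that covers both the stored and the reflected case: a value stored by /profile.php and a value read from the searchbox parameter take the same path through e() before reaching the page. Marking the session cookie HttpOnly limits the cookie-theft impact the report mentions, but it does not remove the injection itself, so it complements rather than replaces the encoding.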