| 제목 | code-projects Online Student Management System in PHP latest (no version specified by vendor) Cross-Site Scripting |
|---|
| 설명 | A stored cross-site scripting (XSS) vulnerability exists in the Online Student Management System in PHP. Authenticated administrators can inject arbitrary JavaScript code via the announcement management module. The malicious payload is stored in the backend database and executed automatically when other users view the affected announcement, leading to potential session hijacking and unauthorized actions.
|
|---|
| 원천 | ⚠️ https://github.com/baguette168/CVE/issues/1 |
|---|
| 사용자 | baguette168 (UID 94957) |
|---|
| 제출 | 2026. 01. 28. PM 04:49 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 07. AM 09:28 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344858 [code-projects Online Student Management System 1.0 Announcement Management index.php?view=add 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 19 |
|---|