| Title | SapneshNaik Student-Management-System V1.0 Reflected XSS |
|---|---|
| Description | The XSS vulnerability exists in the project’s `index.php` and `admin.php` files (root directory of the project). Both pages have the same backend processing logic for the `error` GET parameter, leading to the same XSS vulnerability. The XSS vulnerability is caused by improper handling of the user-controlled `error` GET parameter in both `index.php` and `admin.php` files. The backend code directly outputs the value of the `error` parameter to the HTML page without any input validation, sanitization, or encoding (e.g., using the `htmlspecialchars()` function). This allows attackers to construct malicious XSS payloads, which are executed when the page is rendered in the user’s browser. |
| Source | ⚠️ https://github.com/duckpigdog/CVE/blob/main/XSS%E2%80%94%E2%80%94SapneshNaik_Student-Management-System.md |
| User | suc2es2 (UID 90074) |
| Submission | 2026-02-07 07:40 PM (3 months ago) |
| Moderation | 2026-02-21 06:28 PM (14 days later) |
| Status | Accepted |
| VulDB entry | 347313 [SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318 index.php error cross site scripting] |
| Points | 20 |
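
The pattern described above, next to two hardened forms, as an added example that is not code from the Student-Management-System repository (the project's source is not shown on this page). The function names, the message table and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: function names, messages and inputs are hypothetical.

// Reported pattern: the `error` GET parameter is written into the HTML
// response unchanged, so any markup in it is interpreted by the browser.
function render_error_unencoded(array $query): string
{
    $error = $query['error'] ?? '';
    return '<p class="error">' . $error . '</p>';
}

// Hardened form 1: encode for the HTML context at output time.
function render_error_encoded(array $query): string
{
    $error = $query['error'] ?? '';
    if (!is_string($error)) {          // ?error[]=x arrives as an array
        $error = '';
    }
    $safe = htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="error">' . $safe . '</p>';
}

// Hardened form 2: treat the parameter as a key into fixed messages, so
// request data never reaches the page as text at all.
const ERROR_MESSAGES = [
    'login'   => 'Invalid username or password.',
    'session' => 'Your session has expired.',
];

function render_error_allowlisted(array $query): string
{
    $key = $query['error'] ?? '';
    $message = is_string($key) ? (ERROR_MESSAGES[$key] ?? '') : '';
    return $message === '' ? '' : '<p class="error">' . $message . '</p>';
}

// Constructed inputs standing in for $_GET on index.php / admin.php.
$samples = [
    ['error' => 'login'],
    ['error' => '<em>markup from the query string</em>'],
];

foreach ($samples as $query) {
    echo 'unencoded:   ', render_error_unencoded($query), PHP_EOL;
    echo 'encoded:     ', render_error_encoded($query), PHP_EOL;
    echo 'allowlisted: ', render_error_allowlisted($query), PHP_EOL, PHP_EOL;
}
```

Because the description says `index.php` and `admin.php` share the same handling of `error`, a fix of either kind belongs in one shared helper that both pages call.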