| Título | sourcecodester Student Grades Management System 1.0 Improper Input Validation |
|---|
| Descrição | The "Student Grades Management System" application stores user-supplied input (first name / last name / other profile fields) in the database and later outputs the values directly into HTML pages without escaping. An attacker with the ability to create or edit a user (e.g., via the admin UI or signup) can store JavaScript that executes in the browser of any admin/teacher who views the user list or dashboard. This is a stored XSS — critical because it can lead to admin session theft, user takeover, CSRF actions, or full account takeover when combined with other site behaviors. |
|---|
| Fonte | ⚠️ https://github.com/sidzeroday/sourcecodester_cve/blob/main/README.md |
|---|
| Utilizador | sidzeroday (UID 90256) |
|---|
| Submissão | 02/10/2025 11h37 (há 7 meses) |
|---|
| Moderação | 08/10/2025 12h21 (6 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 327602 [SourceCodester Student Grades Management System 1.0 Manage Users Page /admin.php add_user first_name/last_name Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|