Submit #755977: ITSOURCECODE Student Management System 1.0 Improper Neutralization of Alternate XSS Syntax

Title: ITSOURCECODE Student Management System 1.0 Improper Neutralization of Alternate XSS Syntax
Description: The ITSOURCECODE Student Management System version 1.0, developed and distributed by ITSOURCECODE, is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Add Student module, specifically within the Student Profile Picture file upload functionality. The application allows users with administrative access to upload SVG files without performing adequate server-side validation or sanitization. Because SVG is an XML-based format capable of embedding JavaScript, a malicious payload uploaded as a student profile image is stored on the server and later rendered by the browser. When the uploaded image is accessed through the Manage Student module or opened directly in a new browser tab, the embedded JavaScript executes in the context of the application, resulting in persistent client-side code execution and exposing authenticated users to security risks.
Source: https://github.com/AS-AbdulSamad/CVE-1/tree/main
User: AS-AbdulSamad (UID 95469)
Submission: 10/02/2026 22:57 (3 months ago)
Moderation: 21/02/2026 16:14 (11 days later)
Status: Accepted
VulDB entry: 347311 [itsourcecode Student Management System 1.0 Add Student /add_student/ cross-site scripting]
Points: 20
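
A server-side check of the kind the description says is missing, as an added example that is not code from the application or the advisory: it accepts a profile picture only if it is a raster image by magic bytes, and lists the script-capable constructs in a rejected SVG. The function names and the sample inputs are assumptions constructed for illustration; the application's own upload handler is not shown on this page.

```python
import re
import xml.etree.ElementTree as ET

# Allowlist: magic bytes of the raster formats a profile picture needs.
RASTER_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
                b"GIF87a": "gif", b"GIF89a": "gif"}
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Strip an XML namespace: '{ns}Tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """List the script-capable constructs found in an SVG document."""
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype-or-entity"]  # do not parse entity declarations
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]
    found = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            found.append(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                found.append(f"handler:{name}")
            elif name in ("href", "src") and re.sub(r"\s", "", value).lower().startswith("javascript:"):
                found.append(f"url:{name}")
    return found

def check_profile_picture(data: bytes) -> tuple[bool, str]:
    """Upload decision: raster images only; SVG is refused even when clean."""
    for magic, kind in RASTER_MAGIC.items():
        if data.startswith(magic):
            return True, kind
    if b"<svg" in data[:1024].lower():
        findings = svg_findings(data) or ["no active content, still not allowed"]
        return False, "svg rejected: " + ",".join(findings)
    return False, "unknown type"

# Constructed samples (not taken from the advisory).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="f()"><script>f=function(){}</script></svg>'
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
```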
