| Title | SourceCodester Student Result Management System 1.0 Cross Site Scripting |
|---|
| Description | Stored Cross Site Scripting vulnerabilities were discovered in multiple spots in Student Result Management System v1.0. Specifically, the application contains 4 different roles in the system, there are Administrator, Academic Teacher, Teacher and Student roles. As an Academic Teacher account, the below fields are vulnerable to Stored Cross Site Scripting Vulnerabilities:
Field 1: Email Field in Profile Setting
Field 2: Academic Term field in Academic Terms Page
Field 3: Class Name field in Classes Page
Field 4: Subject field in Subjects Page
Field 5: Remark field in Grading System Page
Field 6: Division field in Division System Page
Field 7: Title field in Announcement Page
|
|---|
| Source | ⚠️ https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md |
|---|
| User | erictee2802 (UID 86165) |
|---|
| Submission | 06/05/2025 07:10 (1 Year ago) |
|---|
| Moderation | 06/05/2025 14:17 (7 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 311241 [SourceCodester Student Result Management System 1.0 Profile Setting Page update_profile cross site scripting] |
|---|
| Points | 20 |
|---|