Submit #600550: SourceCodester Student Result Management System 1.0 Stored Cross Site Scriptinginfo

TitleSourceCodester Student Result Management System 1.0 Stored Cross Site Scripting
DescriptionA Stored Cross-Site Scripting (XSS) vulnerability was discovered in SRMS 1.0 within the "Manage Students" module. The application fails to properly sanitize user-supplied input in the First Name field. As a result, an attacker with access to the system can inject malicious JavaScript code, which will be persistently stored and executed whenever the students listing page is loaded. This poses a serious risk to administrative users and can be used to steal session cookies, perform unauthorized actions, or deface content. Vulnerability Type: Stored Cross-Site Scripting (XSS) Affected Application: Student Result Management System 1.0 (SRMS 1.0) Vulnerable Endpoint: /srms/script/admin/students Vulnerable Parameter: First Name Impact: Persistent execution of arbitrary JavaScript in the application context ???? Steps to Reproduce (PoC): 1 - Log in to the SRMS 1.0 application with valid administrative credentials. 2 - Navigate to: Students > Manage Students > /srms/script/admin/manage_students, then select a term or session. 3 - On the page /srms/script/admin/students, click the Edit button for an existing student record. 4 - In the First Name field, inject the following XSS payload (Copy and Paste): <script>alert('PoC VulDB SRMS')</script> Save the changes. 5 - Whenever the /srms/script/admin/students page is accessed, the injected JavaScript will execute in the browser context, confirming a Stored Cross-Site Scripting (XSS) vulnerability.
Source⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md
User
 RaulPACXXX (UID 84502)
Submission06/19/2025 10:51 (1 Year ago)
Moderation06/21/2025 07:34 (2 days later)
StatusAccepted
VulDB entry313583 [SourceCodester Student Result Management System 1.0 Manage Students manage_students cross site scripting]
Points20

Do you need the next level of professionalism?

Upgrade your account now!