| Title | itsourcecode Student Transcript Processing System V1.0 Cross Site Scripting |
|---|
| Description | During the security review of "Student Transcript Processing System",I discovered a critical Cross Site Scripting vulnerability in the "/admin/modules/subject/edit.php" file. This vulnerability is caused by not doing any validation on the user input of the "pre" parameter, and directly outputting the content of this field to the web page. Therefore, an attacker can execute malicious javascript code, obtain the credentials of any user of the system, etc. Immediate remediation measures need to be taken to ensure system security and protect data integrity. |
|---|
| Source | ⚠️ https://github.com/Catcheryp/CVE/issues/5 |
|---|
| User | Catcheryp (UID 51973) |
|---|
| Submission | 07/01/2025 01:57 (12 months ago) |
|---|
| Moderation | 07/07/2025 10:09 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 315121 [itsourcecode Student Transcript Processing System 1.0 edit.php pre cross site scripting] |
|---|
| Points | 20 |
|---|