| Title | sourcecodester Student Grades Management System 1.0 Improper Input Validation |
|---|
| Description | The "Student Grades Management System" application stores user-supplied input (first name / last name / other profile fields) in the database and later outputs the values directly into HTML pages without escaping. An attacker with the ability to create or edit a user (e.g., via the admin UI or signup) can store JavaScript that executes in the browser of any admin/teacher who views the user list or dashboard. This is a stored XSS — critical because it can lead to admin session theft, user takeover, CSRF actions, or full account takeover when combined with other site behaviors. |
|---|
| Source | ⚠️ https://github.com/sidzeroday/sourcecodester_cve/blob/main/README.md |
|---|
| User | sidzeroday (UID 90256) |
|---|
| Submission | 10/02/2025 11:37 (6 months ago) |
|---|
| Moderation | 10/08/2025 12:21 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327602 [SourceCodester Student Grades Management System 1.0 Manage Users Page /admin.php add_user first_name/last_name cross site scripting] |
|---|
| Points | 20 |
|---|