| Title | SourceCodester Student Management System 1.0 Cross Site Scripting |
|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability exists in Student Grades Management System 1.0 by SourceCodester. The vulnerability affects the Grades Management module, specifically the "Remarks" parameter when adding or managing grade records. The application does not properly sanitize or encode user-supplied input before storing it in the backend database. As a result, malicious JavaScript code can be injected and permanently stored. An authenticated attacker with teacher privileges can insert a crafted payload into the Remarks field. The injected script executes immediately after submission and is triggered again whenever the affected records are viewed, including within the Manage Grades section and the Teacher Dashboard. Successful exploitation allows execution of arbitrary JavaScript in the context of authenticated users. This may lead to session hijacking, unauthorized actions, data manipulation, or redirection to malicious external resources. |
| Source | https://gist.github.com/Denilxavier/7fed710040ba7455e9cb499a989c9d69 |
| User | Denil Xavier (UID 95932) |
| Submission | 02/26/2026 09:42 (1 month ago) |
| Moderation | 03/07/2026 21:39 (9 days later) |
| Status | Duplicate |
| VulDB entry | 332766 [SourceCodester Student Grades Management System 1.0 Add New Grade Page /grades.php Remarks cross site scripting] |
| Points | 0 |