Submit #785739: SourceCodester Student Grades Management System 1.0 Cross Site Scripting

Title: SourceCodester Student Grades Management System 1.0 Cross Site Scripting
Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in the administrative user management functionality of the Student Grades Management System. The vulnerability occurs when the application processes user input supplied through the username parameter during the user creation process.

The affected endpoint is:

/student-grades-management-system/admin.php

During user creation, the application accepts several parameters via an HTTP POST request, including:

- first_name
- last_name
- username
- email
- role
- password

The value provided in the username parameter is stored in the backend database without proper validation or sanitization. Because the stored value is later rendered within the application interface without applying output encoding, malicious HTML or JavaScript code can be executed in the browser of users who view the affected data.

An attacker can exploit this vulnerability by submitting specially crafted input in the username field. Once stored, the payload becomes persistent and executes when the application displays the stored username.

Payload used during testing:

<script>alert(1)</script>

In the captured request, the payload was injected as part of the username value:

username=admingdkxf<script>alert(1)</script>s6zk6

When the affected page is loaded, the injected script executes in the browser. Because the payload is stored server-side and executed whenever the affected data is rendered, this issue is classified as a Stored (Persistent) Cross-Site Scripting vulnerability.
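As an added illustration, not code from the Student Grades Management System or from the submitter, the PHP below shows why a stored username executes in the browser when it is echoed into HTML unencoded, and the two defensive layers the description says are missing: validation when the value is accepted and output encoding when it is displayed. The table markup, the escapeHtml/isValidUsername/addUser helpers, the username policy and the users table columns are assumptions made for the example.

```php
<?php
// Added example; hypothetical code, not the application's own source.

// Constructed sample value shaped like the stored username in this submission.
$storedUsername = 'admingdkxf<script>alert(1)</script>s6zk6';

// Vulnerable rendering: the stored value is concatenated straight into markup,
// so any tags inside it become part of the page and the browser executes them.
function renderUserRowVulnerable(string $username): string
{
    return '<tr><td>' . $username . '</td></tr>';
}

// Hardened rendering: encode for the HTML text-node context at the point of output.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE avoids empty output on bad UTF-8.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderUserRowSafe(string $username): string
{
    return '<tr><td>' . escapeHtml($username) . '</td></tr>';
}

// Input validation for the username field. The allow-list policy here
// (letters, digits, dot, underscore, hyphen; 3 to 32 characters) is an assumption.
function isValidUsername(string $username): bool
{
    return preg_match('/^[A-Za-z0-9._-]{3,32}$/', $username) === 1;
}

// Hypothetical add_user handler: reject values outside the policy before they are
// stored, and use a prepared statement so the value is never interpolated into SQL.
// Column names are assumed.
function addUser(PDO $db, array $post): bool
{
    $username = (string) ($post['username'] ?? '');
    if (!isValidUsername($username)) {
        http_response_code(400);
        echo 'Invalid username';
        return false;
    }

    $stmt = $db->prepare(
        'INSERT INTO users (first_name, last_name, username, email, role, password)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    return $stmt->execute([
        (string) ($post['first_name'] ?? ''),
        (string) ($post['last_name'] ?? ''),
        $username,
        (string) ($post['email'] ?? ''),
        (string) ($post['role'] ?? ''),
        password_hash((string) ($post['password'] ?? ''), PASSWORD_DEFAULT),
    ]);
}

// Side-by-side output for the constructed value.
echo renderUserRowVulnerable($storedUsername), PHP_EOL;
echo renderUserRowSafe($storedUsername), PHP_EOL;
var_dump(isValidUsername($storedUsername));
```

Run it with `php example.php`: the first line prints the raw `<script>` tag inside the cell, which a browser would execute, while the second prints the tag as `&lt;script&gt;...&lt;/script&gt;`, which a browser shows as literal text. The validation check rejects the constructed value because of the angle brackets and parentheses. Output encoding is the control that actually fixes the rendering bug; validation only narrows what can reach the database and should not be relied on alone, since other code paths (imports, legacy rows) may still supply hostile data to the same view.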
Source: https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Student%20Grades%20Management%20System%20username%20Parameter.md
User: AhmadMarzouk (UID 95993)
Submission: 03/22/2026 19:51 (18 days ago)
Moderation: 04/05/2026 18:53 (14 days later)
Status: Duplicate
VulDB entry: 327602 [SourceCodester Student Grades Management System 1.0 Manage Users Page /admin.php add_user first_name/last_name cross site scripting]
Points: 0
