Submit #674456: Sourcecodester Student Grades Management System 1.0 Cross Site Scripting (info)

Title: Sourcecodester Student Grades Management System 1.0 Cross Site Scripting
Description:

#Discoverer: Shuvo Ahmed Sanin (A Researcher From Red Team Bangladesh)

A Stored XSS vulnerability exists in Sourcecodester Student Grades Management System v1.0 that allows unauthenticated remote attackers to inject crafted input into database queries. Successful exploitation can lead to unauthorized data disclosure, modification, or deletion of the application database, and may allow additional actions depending on the database privileges.

Affected Component: Sourcecodester Student Grades Management System v.1.0 is vulnerable to Stored Cross Site Scripting (XSS) via Manage Users Section.

Impact Code execution: True

Steps to Reproduce:
1. Login as Admin using user: admin & pass: admin123
2. After successful login to dashboard (http://localhost/student-grades-management-system/admin.php?action=delete_user&id=4) then go to Manage Users Section
3. Add New User with required fields or Edit Any User Info
4. After coming to Edit Section use this XSS payload <img src="x" onerror="alert(document.cookie);"> instead of Username field. Same way First Name, Last Name fields are also XSS vulnerable.
5. Click on Update User
6. Wow! Stored XSS executed!
7. Logout and Login again you will see the executed XSS pop up again which indicates it's a stored XSS.

PoC Video: https://drive.google.com/file/d/1CsswaikqiIJznjlb7xxHcWDOlnJRFqUg/view?usp=sharing

Impact:
1. Session Hijacking: Attackers can steal authentication cookies.
2. Phishing Attacks: Users can be tricked into providing sensitive credentials.
3. Data Theft: Exploited XSS can lead to information disclosure.
4. Content Manipulation: Attackers can modify displayed content or deface the application.

Mitigation:
1. Sanitize Input: Implement strict input validation and escape special characters.
2. Output Encoding: Encode user input before rendering it in the browser.
3. Implement CSP (Content Security Policy): Restrict execution of inline scripts.

Reference: https://www.linkedin.com/in/shuvo-ahmed-sanin/
Source: ⚠️ https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-4
User: redteam_bd (UID 89841)
Submission: 14/10/2025 02:54 (8 months ago)
Moderation: 27/10/2025 13:22 (13 days later)
Status: Accepted
VulDB entry: 330119 [SourceCodester Student Grades Management System 1.0 /admin.php delete_user cross site scripting]
Points: 20
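
The three mitigations listed in the description (input validation, output encoding, CSP), applied to the Username, First Name and Last Name fields, as an added PHP example that is not part of the submission or the application's own code. The helper names, the username pattern and the sample record are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: HTML-encode a value for element content or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical input rule for the Username field: 3-32 letters, digits, dot, underscore, hyphen.
function valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $username) === 1;
}

// Hypothetical renderer for one row of a Manage Users table.
// Every stored field is encoded at output time, whatever was validated on input.
function render_user_row(array $user): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        e($user['username']),
        e($user['first_name']),
        e($user['last_name'])
    );
}

// Constructed sample record holding the payload from the reproduction steps.
$stored = [
    'username'   => '<img src="x" onerror="alert(document.cookie);">',
    'first_name' => 'Test',
    'last_name'  => 'User',
];

// A CSP without 'unsafe-inline' stops inline event handlers such as onerror from running.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
}

// Input validation: the payload is rejected before it reaches the database.
var_dump(valid_username($stored['username']));

// Output encoding: a value already stored is rendered as inert text, not markup.
echo render_user_row($stored), PHP_EOL;
```

Encoding at output is the control that covers rows already stored before validation was introduced; validation and CSP are additional layers.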
