| 标题 | SourceCodester Student Result Management System 1.0 Stored Cross Site Scripting |
|---|
| 描述 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SRMS 1.0 within the "Manage Students" module. The application fails to properly sanitize user-supplied input in the First Name field. As a result, an attacker with access to the system can inject malicious JavaScript code, which will be persistently stored and executed whenever the students listing page is loaded. This poses a serious risk to administrative users and can be used to steal session cookies, perform unauthorized actions, or deface content.
Vulnerability Type: Stored Cross-Site Scripting (XSS)
Affected Application: Student Result Management System 1.0 (SRMS 1.0)
Vulnerable Endpoint: /srms/script/admin/students
Vulnerable Parameter: First Name
Impact: Persistent execution of arbitrary JavaScript in the application context
???? Steps to Reproduce (PoC):
1 - Log in to the SRMS 1.0 application with valid administrative credentials.
2 - Navigate to: Students > Manage Students > /srms/script/admin/manage_students, then select a term or session.
3 - On the page /srms/script/admin/students, click the Edit button for an existing student record.
4 - In the First Name field, inject the following XSS payload (Copy and Paste):
<script>alert('PoC VulDB SRMS')</script>
Save the changes.
5 - Whenever the /srms/script/admin/students page is accessed, the injected JavaScript will execute in the browser context, confirming a Stored Cross-Site Scripting (XSS) vulnerability. |
|---|
| 来源 | ⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md |
|---|
| 用户 | RaulPACXXX (UID 84502) |
|---|
| 提交 | 2025-06-19 10時51分 (1 年前) |
|---|
| 管理 | 2025-06-21 07時34分 (2 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 313583 [SourceCodester Student Result Management System 1.0 Manage Students manage_students 跨网站脚本] |
|---|
| 积分 | 20 |
|---|