提交 #600550: SourceCodester Student Result Management System 1.0 Stored Cross Site Scripting信息

标题SourceCodester Student Result Management System 1.0 Stored Cross Site Scripting
描述A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SRMS 1.0 within the "Manage Students" module. The application fails to properly sanitize user-supplied input in the First Name field. As a result, an attacker with access to the system can inject malicious JavaScript code, which will be persistently stored and executed whenever the students listing page is loaded. This poses a serious risk to administrative users and can be used to steal session cookies, perform unauthorized actions, or deface content. Vulnerability Type: Stored Cross-Site Scripting (XSS) Affected Application: Student Result Management System 1.0 (SRMS 1.0) Vulnerable Endpoint: /srms/script/admin/students Vulnerable Parameter: First Name Impact: Persistent execution of arbitrary JavaScript in the application context ???? Steps to Reproduce (PoC): 1 - Log in to the SRMS 1.0 application with valid administrative credentials. 2 - Navigate to: Students > Manage Students > /srms/script/admin/manage_students, then select a term or session. 3 - On the page /srms/script/admin/students, click the Edit button for an existing student record. 4 - In the First Name field, inject the following XSS payload (Copy and Paste): <script>alert('PoC VulDB SRMS')</script> Save the changes. 5 - Whenever the /srms/script/admin/students page is accessed, the injected JavaScript will execute in the browser context, confirming a Stored Cross-Site Scripting (XSS) vulnerability.
来源⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md
用户
 RaulPACXXX (UID 84502)
提交2025-06-19 10時51分 (1 年前)
管理2025-06-21 07時34分 (2 days later)
状态已接受
VulDB条目313583 [SourceCodester Student Result Management System 1.0 Manage Students manage_students 跨网站脚本]
积分20

Want to know what is going to be exploited?

We predict KEV entries!