提交 #748328: code-projects Online Student Management System in PHP latest (no version specified by vendor) Cross-Site Scripting信息

标题code-projects Online Student Management System in PHP latest (no version specified by vendor) Cross-Site Scripting
描述A stored cross-site scripting (XSS) vulnerability exists in the Online Student Management System in PHP. Authenticated administrators can inject arbitrary JavaScript code via the announcement management module. The malicious payload is stored in the backend database and executed automatically when other users view the affected announcement, leading to potential session hijacking and unauthorized actions.
来源⚠️ https://github.com/baguette168/CVE/issues/1
用户
 baguette168 (UID 94957)
提交2026-01-28 16時49分 (3 月前)
管理2026-02-07 09時28分 (10 days later)
状态已接受
VulDB条目344858 [code-projects Online Student Management System 1.0 Announcement Management index.php?view=add 跨网站脚本]
积分19

上一步一览下一步

Do you know our Splunk app?

Download it now for free!