Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
8392a0caf24c17f8a1d127d3504c635a3817ad69a9e9599d2137bd55a34b324e
For CVE-2020-25955:
# Exploit Title: student management system project PHP - Stored cross-site
scripting
# Exploit Author: Krishna Yadav
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/14443/student-management-system-project-php.html
# Version: 1.0
# Tested on Windows 10/Kali Linux
Stored cross-site scripting:
Stored attacks are those where the injected script is permanently stored on
the target servers, such as in a database, in a message forum, visitor log,
comment field, etc. The victim then retrieves the malicious script from the
server when it requests the stored information. Stored XSS is also
sometimes referred to as Persistent or Type-I XSS.
Attack Vector:
student management system project version 1.0 is vulnerable to stored XSS.
Each time while editing the subjects XSS popup will reflect.
Vulnerable Parameter: Add subject tab is vulnerable to stored XSS.