Home Tools Exploits & CVE's Student Management System Project PHP 1.0 Cross Site Scripting

Student Management System Project PHP 1.0 Cross Site Scripting

December 8, 2020

921

Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.

advisories | CVE-2020-25955

For CVE-2020-25955:

# Exploit Title: student management system project PHP - Stored cross-site
scripting
# Exploit Author: Krishna Yadav
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/14443/student-management-system-project-php.html
# Version: 1.0
# Tested on Windows 10/Kali Linux

Stored cross-site scripting:
Stored attacks are those where the injected script is permanently stored on
the target servers, such as in a database, in a message forum, visitor log,
comment field, etc. The victim then retrieves the malicious script from the
server when it requests the stored information. Stored XSS is also
sometimes referred to as Persistent or Type-I XSS.

Attack Vector:
student management system project version 1.0 is vulnerable to stored XSS.
Each time while editing the subjects XSS popup will reflect.

Vulnerable Parameter: Add subject tab is vulnerable to stored XSS.

Student Management System Project PHP 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

LRMS PHP 1.0 SQL Injection / Shell Upload

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Landa Driving School Management System 2.0.1 Arbitrary File Upload

Linux USB Use-After-Free

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root