CVE Details
Basic Information
| Title | SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-06T04:00:17.054Z |
| Last Seen |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Student Result Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The vulnerability allows remote attackers to perform cross-site scripting (XSS) attacks on the Student Result Management System’s Profile Setting Page. This can be exploited to inject malicious scripts that may steal user data or perform other malicious actions. |
|---|---|
| AI Severity | Medium |
| Vendor | SourceCodester |
| Product | Student Result Management System |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Student Result Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.