CVE Details
Basic Information
| Title | SourceCodester Student Result Management System Add Academic Term terms cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-06T04:31:06.058Z |
| Last Seen |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Student Result Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A stored cross-site scripting (XSS) vulnerability exists in the Add Academic Term feature of SourceCodester Student Result Management System 1.0. The vulnerability allows remote attackers to inject arbitrary web scripts via the Academic Term field, potentially compromising user sessions. |
|---|---|
| AI Severity | Medium |
| Vendor | SourceCodester |
| Product | Student Result Management System |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Student Result Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family |
References
Description
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.