CVE Details
Basic Information
| Title | SourceCodester Student Result Management System Announcement Page announcement cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-06T06:31:05.700Z |
| Last Seen |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Student Result Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability exists in the Announcement Page of SourceCodester Student Result Management System 1.0. Attackers can exploit this by manipulating the Title argument to inject malicious scripts, which are then executed in the context of the victim’s browser. The vulnerability is remotely exploitable and has been publicly disclosed. |
|---|---|
| AI Severity | Medium |
| Vendor | SourceCodester |
| Product | Student Result Management System |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Student Result Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family |
References
Description
A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.