CVE Details
Basic Information
| Title | itsourcecode Student Transcript Processing System edit.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-07-08T14:32:06.194Z |
| Modified | 2025-07-08T14:38:58.862Z |
Product Information
| Vendor | itsourcecode |
|---|---|
| Product | Student Transcript Processing System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability in the itsourcecode Student Transcript Processing System 1.0 allows remote attackers to inject malicious scripts via the ‘pre’ argument in edit.php. This could lead to stealing user session data or hijacking user sessions. |
|---|---|
| AI Severity | Medium |
| AI Vendor | itsourcecode |
| AI Product | Student Transcript Processing System |
| AI Version | 1.0 |
Affected Products
- itsourcecode Student Transcript Processing System 1.0
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.