Vendor: Teachers Record Management System
By: nhattruong
CVSS: 8.8 (HIGH)
Stored Cross-site Scripting (XSS)
CWE: 79
Product Name: Teachers Record Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpgurukul:teachers_record_management_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 + XAMPP v3.2.4
2021
Teachers Record Management System 1.0 – ’email’ Stored Cross-site Scripting (XSS)
Teachers Record Management System 1.0 is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious JavaScript code into the 'email' field of the 'adminprofile.php' page. When an administrator views the profile page, the stored code is executed in the administrator's browser, allowing the attacker to perform various malicious activities.
Mitigation:
Input validation should be used to prevent malicious code from being injected into the 'email' field. Additionally, the application should be configured to use a Content Security Policy (CSP) to prevent malicious code from being executed in the browser.
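
One way to apply both mitigations in PHP, as an added example that is not the application's own code: the function names, the policy string and the sample values are assumptions. Output encoding is included alongside validation because a syntactically valid address can still contain HTML metacharacters such as a single quote.

```php
<?php
// Added example, not code from Teachers Record Management System.
// Function names, policy string and sample values are hypothetical.
declare(strict_types=1);

// Validate on input: return the trimmed address, or null to reject it.
function validate_email(string $raw): ?string
{
    $email = trim($raw);
    if (strlen($email) > 254) {          // practical upper bound for an address
        return null;
    }
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Encode on output: neutralise <, >, &, " and ' before the value is
// written into the profile page, whatever was accepted at input time.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Content Security Policy: only same-origin script files may run, so an
// inline script that slipped into stored data is blocked by the browser.
function send_csp(): void
{
    if (!headers_sent()) {
        header("Content-Security-Policy: default-src 'self'; "
             . "script-src 'self'; object-src 'none'; base-uri 'self'");
    }
}

send_csp();   // must run before any page output

// Constructed sample inputs for the 'email' field.
$samples = [
    'admin@example.com',                   // ordinary address
    "o'brien@example.com",                 // valid, yet contains a quote
    'x"><b>constructed</b>@example.com',   // markup in the local part
];

foreach ($samples as $s) {
    $accepted = validate_email($s) !== null ? 'accepted' : 'rejected';
    // What would be written into the page if the value were displayed.
    printf("%-38s %-9s %s\n", $s, $accepted, html_escape($s));
}
```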