Code-Projects Student Information System Cross-Site Scripting Vulnerability in register.php

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Student Information System version 2.0, specifically within the register.php file. The flaw permits unrestricted script injection that results in stored XSS. It can be exploited remotely and has been publicly disclosed, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting attacks, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, register a new account with a script payload in the username parameter, such as a JavaScript alert tag. After registration, log into the account. The injected script executes, demonstrating the cross-site scripting vulnerability.
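
The stored-XSS pattern described above and its fix, as an added example rather than the project's own code (the real register.php is not shown on this page). The function names, the username allowlist and the greeting markup are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from the project.

// Registration-time check: allowlist the characters a username may contain.
// This narrows what gets stored but is not a substitute for output encoding.
function is_valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $username) === 1;
}

// Render-time defence: encode a value for an HTML text or attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The "before": the stored value is concatenated into markup unchanged,
// so any markup in the username becomes part of the page.
function greeting_unsafe(string $storedUsername): string
{
    return '<p>Welcome, ' . $storedUsername . '</p>';
}

// The "after": the same stored value is encoded at the point of output.
function greeting_safe(string $storedUsername): string
{
    return '<p>Welcome, ' . h($storedUsername) . '</p>';
}

// Constructed sample inputs: an ordinary name, the alert-tag case from the
// reproduction steps, and legitimate text containing HTML metacharacters.
$samples = ['alice_01', '<script>alert(1)</script>', "O'Brien & Co"];

foreach ($samples as $name) {
    printf("input:    %s\n", $name);
    printf("accepted: %s\n", is_valid_username($name) ? 'yes' : 'no');
    printf("unsafe:   %s\n", greeting_unsafe($name));
    printf("safe:     %s\n\n", greeting_safe($name));
}
```

The third sample shows why encoding on output is the primary control: values already in the database, or legitimate values that an allowlist would reject, still render as inert text.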

Added: Nov 16, 2025, 9:18 AM
Updated: Nov 16, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.