codingWithElias School Management System Cross-Site Scripting Vulnerability in Edit Student Info Page
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the codingWithElias School Management System, in versions prior to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. The issue arises in the Edit Student Info Page, specifically within the student-view.php file. The vulnerability is triggered by manipulating the 'First Name' argument, allowing for remote exploitation. This vulnerability is publicly known and has an available exploit.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the Edit Student Info Page. Once there, manipulate the 'First Name' input field with a payload that includes JavaScript or other executable code. When the input is saved and viewed, the injected script will execute, demonstrating the cross-site scripting vulnerability.
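The pattern described above, shown beside its fix, as an added example that is not the project's own code: the contents of student-view.php are not shown on this page, so the function names, the `fname` array key and the sample row are hypothetical. It encodes the stored First Name at output time and, as defence in depth, validates it on save.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch: names and the 'fname' key are assumptions,
// not taken from the project's student-view.php.

/** Encode a stored value for HTML text and quoted-attribute contexts. */
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Unsafe pattern: the stored value is written into markup unchanged. */
function render_first_name_unsafe(array $student): string
{
    return '<input type="text" name="fname" value="' . $student['fname'] . '">';
}

/** Hardened pattern: the same markup, with the value encoded at output. */
function render_first_name_safe(array $student): string
{
    return '<input type="text" name="fname" value="' . e($student['fname']) . '">';
}

/**
 * Defence in depth on save: accept only letters, combining marks, spaces,
 * apostrophes and hyphens, 1 to 64 characters. Returns null when rejected.
 * This does not replace output encoding; older rows may already hold markup.
 */
function validate_first_name(string $input): ?string
{
    $name = trim($input);
    $ok = preg_match('/^[\p{L}\p{M}][\p{L}\p{M} \'\-]{0,63}$/u', $name) === 1;
    return $ok ? $name : null;
}

// Constructed sample row standing in for a record read from the database.
$student = ['fname' => '"><script>alert(1)</script>'];

echo render_first_name_unsafe($student), PHP_EOL; // markup breaks out of the attribute
echo render_first_name_safe($student), PHP_EOL;   // value stays inert inside value="..."

var_dump(validate_first_name($student['fname']));  // rejected on save
var_dump(validate_first_name("Anne-Marie O'Neil")); // accepted on save
```

Encoding belongs at every place the stored name is rendered, not only on the edit form, because the value is saved once and displayed on later page views.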
