SourceCodester Student Result Management System
cpe:2.3:a:student_result_management_system_project:student_result_management_system:*:*:*:*:*:*:*
- 1.0
A stored cross-site scripting vulnerability has been identified in SourceCodester Student Result Management System version 1.0. This issue affects the Profile Setting Page, specifically within the update_profile function of the academic core script. The vulnerability arises because the application fails to properly sanitize user input before displaying it on web pages, allowing for the injection of malicious scripts that are executed in the context of the user's browser. The vulnerability can be exploited remotely, but requires authentication and user interaction.
Successful exploitation results in stored cross-site scripting: the injected script is saved by the application and executed in the browser context of the user who views the affected profile.
To reproduce this vulnerability, log into the application as an Academic Teacher. Navigate to the Profile Setting Page and locate the email field. Inject a script into this field and save the changes. The injected script will be executed when the profile is viewed, demonstrating the cross-site scripting vulnerability.
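The mitigation for the email-field issue described above, as an added Python sketch that is not the application's own code: the write path rejects anything that is not a plain email address, and the read path encodes on output so values stored before the fix render inertly. Only `update_profile` is a name from the advisory; `render_profile`, `PROFILES`, `EMAIL_RE` and the sample inputs are assumptions made for illustration.

```python
import html
import re

# Conservative allow-list for an email address: no whitespace, quotes or
# angle brackets can pass, so markup never reaches storage.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Hypothetical in-memory stand-in for the profile table.
PROFILES = {}


def update_profile(user_id, email):
    """Write path: store the value only if it is a plain email address."""
    email = email.strip()
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        return False
    PROFILES[user_id] = {"email": email}
    return True


def render_profile(user_id):
    """Read path: encode on output, so rows stored before the fix are inert."""
    email = PROFILES[user_id]["email"]
    # quote=True also encodes " and ', which matters inside value="...".
    safe = html.escape(email, quote=True)
    return '<input type="email" name="email" value="%s">' % safe


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    print(update_profile(1, "teacher@example.com"))                 # accepted
    print(update_profile(2, 'teacher@example.com"><b>markup</b>'))  # rejected
    # Simulate a row written before validation existed.
    PROFILES[3] = {"email": 'x@example.com"><b>markup</b>'}
    print(render_profile(3))
```

Input validation alone does not cover values already in the database, which is why the output encoding in `render_profile` is applied regardless of what the write path accepted.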