Code-Projects Student Information Management System Cross-Site Scripting Vulnerability in Login.php

Vulnerability

A cross-site scripting vulnerability has been identified in version 1.0 of the Code-Projects Student Information Management System. The issue resides in the login.php file, where the uname parameter is not properly validated, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely and has been made public.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
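
The unvalidated uname parameter described above, shown as an added example that is not code from the project or from this advisory. It assumes a failed login echoes the submitted name back into the page; the function names are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration; NOT the project's login.php. The function names and
// the assumption that a failed login echoes the submitted name are hypothetical.

// Allow-list validation at input: accept only a plain username.
function valid_uname(string $uname): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $uname) === 1;
}

// Output encoding at the sink, for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak form: the request value reaches the HTML response unchanged.
function render_error_weak(string $uname): string
{
    return '<p class="error">Login failed for ' . $uname . '</p>';
}

// Hardened form: invalid names are never echoed, valid ones are still encoded.
function render_error_hardened(string $uname): string
{
    if (!valid_uname($uname)) {
        return '<p class="error">Login failed.</p>';
    }
    return '<p class="error">Login failed for ' . h($uname) . '</p>';
}

// Constructed sample inputs; harmless markup stands in for injected content.
// In a real handler the value would come from $_POST['uname'].
$samples = ['alice', '<b>alice</b>', 'bob" data-x="1'];
foreach ($samples as $uname) {
    echo 'input:    ', $uname, PHP_EOL;
    echo 'weak:     ', render_error_weak($uname), PHP_EOL;
    echo 'hardened: ', render_error_hardened($uname), PHP_EOL, PHP_EOL;
}
```

Validation and encoding are applied together on purpose: the allow-list keeps unexpected input out of the response, and the encoding still protects the sink if the allow-list is later relaxed.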

Reproduction

The vulnerability can be reproduced by sending a POST request to the login.php file with a crafted uname parameter that includes the injected script or payload. This can be done using tools like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.

Added: Aug 29, 2025, 12:20 AM
Updated: Aug 29, 2025, 12:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.