SourceCodester Class and Exam Timetabling System Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Class and Exam Timetabling System version 1.0. The issue resides in the '/forexam.php' file, where the 'day' parameter is not properly validated or encoded, allowing remote attackers to inject and execute malicious scripts in the context of the user's browser. This vulnerability could be exploited to steal cookies, session tokens, or other sensitive information, perform actions on behalf of the user, deface web pages, redirect users to malicious sites, or gain control of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, access the '/forexam.php' file and inject a script payload into the 'day' parameter. The injected script will be executed in the browser, demonstrating the cross-site scripting vulnerability.

Remediation

To address this vulnerability, implement proper output encoding for user inputs, validate and filter input data to reject malicious content, use a Content Security Policy to restrict script execution, set secure and HttpOnly flags for sensitive cookies, and conduct regular security audits.

Added: Jul 18, 2026, 10:23 PM
Updated: Jul 18, 2026, 10:23 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.7
exploitability
7.5
remediation
0.0
relevance
9.9
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.