CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6477 – SourceCodester Student Result Management System System Settings Page system cross site scripting
https://notcve.org/view.php?id=CVE-2025-6477
22 Jun 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name leads to cross site scripting. The attack can be launched remotely. • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README9.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6475 – SourceCodester Student Result Management System Manage Students Module manage_students cross site scripting
https://notcve.org/view.php?id=CVE-2025-6475
22 Jun 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5727 – SourceCodester Student Result Management System Announcement Page announcement cross site scripting
https://notcve.org/view.php?id=CVE-2025-5727
06 Jun 2025 — A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.311247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5726 – SourceCodester Student Result Management System Division System Page division-system cross site scripting
https://notcve.org/view.php?id=CVE-2025-5726
06 Jun 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. • https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5725 – SourceCodester Student Result Management System Grading System Page grading-system cross site scripting
https://notcve.org/view.php?id=CVE-2025-5725
06 Jun 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. • https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5724 – SourceCodester Student Result Management System Subjects Page subjects cross site scripting
https://notcve.org/view.php?id=CVE-2025-5724
06 Jun 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5723 – SourceCodester Student Result Management System Classes Page classes cross site scripting
https://notcve.org/view.php?id=CVE-2025-5723
06 Jun 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5722 – SourceCodester Student Result Management System Add Academic Term terms cross site scripting
https://notcve.org/view.php?id=CVE-2025-5722
06 Jun 2025 — A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5721 – SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting
https://notcve.org/view.php?id=CVE-2025-5721
06 Jun 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5649 – SourceCodester Student Result Management System Register Interface new_user access control
https://notcve.org/view.php?id=CVE-2025-5649
05 Jun 2025 — A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Watskip/GeneralResearch/blob/main/Exploits/SRMS/Unauthorized%20privileged%20user%20creation.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •