Sourcecodester Student Grades Management System Using PHP and MySQL v1.0 – Stored Cross-Site Scripting (XSS)

Details:

Description:

Stored Cross-Site Scripting (XSS) is a vulnerability where malicious scripts are permanently stored on the target server (in databases, message forums, comment fields, etc.) and executed when other users retrieve the stored data. Unlike reflected XSS, the malicious payload persists and affects multiple victims without requiring them to click a malicious link. The attack occurs when user input is saved without proper sanitization and later rendered in other users’ browsers without adequate output encoding.
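
The store-then-render pattern described above, as an added example that is not code from the affected application or from this advisory. Table, column and helper names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline. It contrasts echoing a stored value as-is with encoding it at output time for HTML and inline-script contexts.

```php
<?php
declare(strict_types=1);

// Added illustration: schema and names are hypothetical, not the affected app's.
// In-memory SQLite stands in for MySQL (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE remarks (id INTEGER PRIMARY KEY, student TEXT, remark TEXT)');

// Constructed sample input: markup submitted through a free-text field.
$submitted = '<script>alert(1)</script>';

// A prepared statement stops SQL injection but still stores the markup verbatim,
// so safe storage alone does not prevent stored XSS.
$stmt = $pdo->prepare('INSERT INTO remarks (student, remark) VALUES (?, ?)');
$stmt->execute(['Constructed Student', $submitted]);

$row = $pdo->query('SELECT student, remark FROM remarks')->fetch(PDO::FETCH_ASSOC);

// Encode for HTML element content and quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode for an inline <script> block: hex-escape <, >, &, ' and " so the
// value cannot close the script element or the string literal.
function js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Vulnerable pattern: the stored value is concatenated into the page as-is.
$unsafe = '<td>' . $row['remark'] . '</td>';

// Hardened pattern: encode at output time, using the encoder for each context.
$safeHtml = '<td title="' . e($row['remark']) . '">' . e($row['remark']) . '</td>';
$safeJs   = '<script>var remark = ' . js($row['remark']) . ';</script>';

echo "unsafe: $unsafe\n";
echo "html:   $safeHtml\n";
echo "js:     $safeJs\n";
```

The first line of output shows the stored markup reaching the page intact, while the other two show it rendered as inert text or as an escaped string literal.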

Affected Locations:

Complete information regarding the vulnerability will be revealed once the vendor supplies a patch.

Proof of Concept:

Complete information regarding the vulnerability will be revealed once the vendor supplies a patch.