CVE-2025-5721
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| razormist | student_result_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5721 is a stored Cross Site Scripting (XSS) vulnerability in SourceCodester Student Result Management System version 1.0. It affects multiple input fields, especially for the Academic Teacher role, such as the Email field in the Profile Setting page and others. The vulnerability occurs because user input is not properly neutralized before being included in web page output, allowing attackers to inject malicious scripts that get stored and executed in other users' browsers. This can be exploited remotely but requires some authentication and user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of your browser when using the affected system. This can lead to compromise of user data, session hijacking, or other malicious activities that affect system integrity and user trust. Since the exploit is stored and executed within the application, it can affect multiple users who access the compromised fields. The attack requires some authentication and user interaction but is considered easy to exploit. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for stored cross-site scripting (XSS) in the affected input fields such as Email in Profile Setting, Academic Term, Class Name, Subject, Remark, Division, and Title fields. Since the vulnerability requires authentication and user interaction, monitoring HTTP requests and responses for suspicious script injections in these fields can help detect exploitation attempts. Specific commands are not provided in the resources, but using web application security scanners or manual testing by submitting script payloads in these fields and observing if they are executed can be effective. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. It is suggested to replace the affected component with an alternative product. Immediate steps include restricting access to the affected system, monitoring for suspicious activity, and applying any available updates or patches if released. Additionally, educating users about the risk and avoiding input of untrusted scripts can help reduce impact until a fix is available. [2]