CVE-2025-5722
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| munyweki | student_result_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5722 is a cross-site scripting (XSS) vulnerability in SourceCodester Student Result Management System 1.0, specifically in the Add Academic Term feature. It occurs because user input (the Academic Term argument) is not properly neutralized before being included in the web page output, allowing attackers to inject malicious scripts. This can be exploited remotely but requires victim interaction and some authentication. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject malicious scripts into the web application, potentially compromising data integrity. Although exploitation requires user interaction and authentication, it can lead to unauthorized actions or data manipulation within the system. There are currently no known mitigations, and replacement with an alternative product is suggested. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'Add Academic Term' functionality in the SourceCodester Student Result Management System version 1.0, specifically targeting the /script/academic/terms endpoint. Detection involves attempting to inject malicious scripts into the Academic Term input to see if the input is improperly neutralized, indicating cross-site scripting (XSS). Since a proof-of-concept exploit is publicly available on GitHub, it can be used to verify the vulnerability. There are no specific commands provided, but typical detection involves using web application testing tools such as curl or browser-based testing with payloads like <script>alert(1)</script> in the Academic Term field. [1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations currently exist for this vulnerability. The suggested immediate step is to replace the vulnerable product with an alternative solution. Additionally, monitoring for suspicious activity related to the 'Add Academic Term' functionality and restricting access where possible may help reduce risk until a fix or patch is available. [1]