CVE-2025-5723
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| munyweki | student_result_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) flaw in the SourceCodester Student Result Management System version 1.0, specifically in the Classes Page component at /script/academic/classes. It occurs because the 'Class Name' argument is not properly neutralized, allowing attackers to inject malicious scripts that are then reflected in the web page output. This can compromise data integrity and requires some user interaction and authentication to exploit. [1]
How can this vulnerability impact me? :
The vulnerability can be exploited remotely to inject malicious scripts, potentially compromising data integrity. It may allow attackers to execute scripts in the context of other users, leading to unauthorized actions or data manipulation. Exploitation requires some user interaction and authentication, and no known mitigations currently exist, so the affected system is at risk until replaced or patched. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the Classes Page component at /script/academic/classes for reflected cross-site scripting (XSS) in the "Class Name" argument. Since the vulnerability involves injection of malicious scripts, detection can be performed by sending crafted payloads in the Class Name parameter and observing if the script is reflected and executed. Specific commands or tools such as curl or browser-based testing tools can be used to send HTTP requests with XSS payloads. For example, using curl: curl -i -X GET 'http://target/script/academic/classes?ClassName=<script>alert(1)</script>' and checking the response for script execution or reflection. Automated scanners that test for reflected XSS vulnerabilities can also be used. [1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. It is suggested to replace the affected product with an alternative. As an immediate step, restricting access to the vulnerable component and limiting user privileges may reduce risk. Additionally, monitoring for exploitation attempts and applying web application firewalls (WAF) rules to block suspicious input patterns could help mitigate impact until a fix or replacement is implemented. [1]