CVE-2025-5724
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| munyweki | student_result_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5724 is a cross-site scripting (XSS) vulnerability in SourceCodester Student Result Management System 1.0, specifically in the Subjects Page component at /script/academic/subjects. It occurs because the 'Subject' argument is not properly neutralized, allowing attackers to inject malicious scripts that execute in other users' browsers. The vulnerability requires authentication and user interaction to exploit and can be triggered remotely. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of authenticated users, potentially compromising data integrity. It may lead to unauthorized actions performed on behalf of users or theft of session information. Although the severity is rated low to moderate, the exploit is easy to perform and publicly available, increasing the risk of exploitation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'Subject' parameter in the /script/academic/subjects page for cross-site scripting (XSS) by injecting typical XSS payloads and observing if they are reflected without proper neutralization. Since the exploit requires authentication and user interaction, detection involves authenticated testing. Specific commands are not provided in the resources, but typical detection involves using tools like curl or browser-based testing with payloads such as <script>alert(1)</script> in the Subject parameter to see if the script executes. [1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. The suggested immediate step is to replace the affected product with an alternative solution to avoid exploitation. [1]