CVE-2025-5726
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-06
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-06-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-5726
EUVD
EUVD-2025-17057
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
razormist student_result_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a cross-site scripting (XSS) issue in the SourceCodester Student Result Management System version 1.0, specifically in the Division System Page component. It occurs because the 'Division' argument is not properly neutralized, allowing an attacker to inject malicious scripts that get reflected in the web page output. This can be exploited remotely but requires the attacker to have authenticated access and the victim to interact with the malicious content. [1]


How can this vulnerability impact me? :

The vulnerability can impact you by compromising data integrity through the injection of malicious scripts. An attacker could exploit this to perform actions such as stealing session cookies, defacing web content, or redirecting users to malicious sites. However, exploitation requires the attacker to have authenticated access and the victim to interact with the malicious payload. There are currently no known mitigations or patches, so the affected product should be replaced. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the 'Division' argument in the /script/academic/division-system page for cross-site scripting (XSS) by injecting typical XSS payloads and observing if they are reflected without proper neutralization. Since the exploit requires authentication and user interaction, detection involves authenticated testing. Specific commands are not provided, but using web vulnerability scanners or manual testing with payloads such as <script>alert(1)</script> in the 'Division' parameter can help identify the issue. [1]


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or patches are currently available for this vulnerability. The suggested immediate step is to replace the affected product with an alternative. Additionally, restricting access to the vulnerable component, applying strict input validation or output encoding if possible, and monitoring for exploitation attempts are advisable interim measures. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart