CVE-2025-5727
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| razormist | student_result_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5727 is a cross-site scripting (XSS) vulnerability in SourceCodester Student Result Management System 1.0, specifically in the Announcement Page component at /script/academic/announcement. It occurs because the 'Title' argument does not properly neutralize user input, allowing attackers to inject malicious scripts into web pages viewed by other users. This can be exploited remotely and requires some user interaction and authentication. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject malicious scripts into the web pages served to users, potentially compromising data integrity. It may lead to unauthorized actions performed in the context of authenticated users, possibly resulting in data manipulation or other malicious activities. The exploit is easy to perform and publicly available, increasing the risk of attack. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the Announcement Page component, specifically the /script/academic/announcement file, for cross-site scripting (XSS) in the 'Title' argument. Since the vulnerability involves injection of malicious scripts, you can attempt to inject typical XSS payloads into the Title parameter and observe if they are executed. There is a publicly available proof-of-concept exploit on GitHub that can be used for testing. No specific detection commands are provided, but manual or automated web application security testing tools that check for reflected or stored XSS vulnerabilities on the affected URL and parameter can be used. [1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. It is suggested to consider replacing the affected product with an alternative. Immediate steps could include restricting access to the vulnerable component, applying strict input validation or sanitization if possible, and monitoring for exploitation attempts. However, no direct patches or fixes are available according to the provided information. [1]