CVE-2020-25955 – SourceCodester Student Management System Project in PHP version 1.0 is vu

SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the ‘add subject’ tab.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25955

Reference (s):

• FULLDISC:20201207 Request for full disclosure of CVE-2020-25889 & CVE-2020-25955
• URL: http://seclists.org/fulldisclosure/2020/Dec/4
• http://packetstormsecurity.com/files/160398/Student-Management-System-Project-PHP-1.0-Cross-Site-Scripting.html
• https://seclists.org/fulldisclosure/2020/Dec/4
• https://www.sourcecodester.com/php/14443/student-management-system-project-php.html