CVE-2025-5725Cross-site Scripting in Student Result Management System

CWE-79Cross-site ScriptingCWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 60.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Student Result Management SystemMunyweki Student Result Management System
Timeline
PublishedJun 6

Description

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-23x5-phcc-jfq4: A vulnerability was found in SourceCodester Student Result Management System 12025-06-06
CVEList
SourceCodester Student Result Management System Grading System Page grading-system cross site scripting2025-06-06
CVE-2025-5725 — Cross-site Scripting | cvebase