CVE-2025-52187 – Stored XSS in School Management System (PHP/MySQL)
CVE-2025-52187 discloses a stored cross-site scripting (XSS) vulnerability in an open-source school management system. The flaw stems from insufficient filtering and escaping of user-supplied input: when the stored data is later rendered, embedded script executes in the victim's browser, exposing users to session hijacking, data leakage and similar risks. The advisory recommends escaping user-supplied data with htmlspecialchars() and deploying a strict Content Security Policy to mitigate the issue. 2025-07-30 02:48:33 Author: seclists.org


Full Disclosure mailing list archives


From: Sanjay Singh <sanjay70023 () gmail com>
Date: Tue, 22 Jul 2025 18:16:43 +0530

Hello Full Disclosure community,

I’m sharing details of a recently assigned CVE affecting a widely used
open‑source School Management System (PHP/MySQL).

--------------------------------------------
CVE ID: CVE-2025-52187
Vulnerability Type: Stored Cross-Site Scripting (XSS)
Attack Vector: Remote
Discoverer: Sanjay Singh
Vendor Repository:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL
Version Tested: 1.0
--------------------------------------------

Description:
The application fails to properly sanitize user-supplied input in
`my_profile_update_form1.php` before storing it in the database. When the
stored data is later rendered on pages such as `get_student_profile.php` or
`dashboard1.php`, embedded JavaScript code executes in the context of the
victim’s browser.

Impacts:
• Session hijacking
• Data exfiltration
• Phishing and fake login forms
• Keystroke logging
• Defacement
• Privilege escalation if viewed by an administrator

--------------------------------------------
Proof of Concept (PoC):
1. Log in as a student user.
2. Navigate to the profile update form (`my_profile_update_form1.php`).
3. In an input field (e.g., Name With Initials), inject:
   <script>alert('XSS-PoC')</script>
4. Submit the form.
5. View the updated profile or dashboard (`get_student_profile.php` or
`dashboard1.php`) to trigger the payload.

--------------------------------------------
Mitigation Recommendations:
• Escape and sanitize all user input before storage/output (e.g., using
htmlspecialchars()).
• Implement a strict Content Security Policy (CSP).
• Perform code reviews and security audits.

Reference:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL


This vulnerability has been responsibly disclosed and assigned
CVE-2025-52187. Full write-up with additional details and mitigations is
available on Medium:

https://medium.com/@sanjay70023/cve-2025-52187-stored-xss-in-school-management-system-php-mysql-79cadcd6340f

If there are any questions or further information required, feel free to
reach out.

Best regards,
Sanjay Singh
Independent Security Researcher
LinkedIn <https://www.linkedin.com/in/sanjay70023/>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
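The store-then-render flow the advisory describes, written out as an added example in PHP. This is not the project's code and not the author's; it is a stand-alone model of the pattern, with an in-memory array standing in for the MySQL table, an assumed field name (name_with_initials) and assumed function names. It shows the vulnerable render beside a hardened one that escapes at output time with htmlspecialchars(), and a Content-Security-Policy header that refuses inline script even if an escape is missed somewhere.

```php
<?php
// Added example, not code from the advisory or the project.
// Models the "store a student's profile field, render it later" flow with an
// in-memory array instead of MySQL so it runs stand-alone from the CLI.
// The field name, column names and function names are assumptions.

declare(strict_types=1);

/** Escape a value for an HTML text or quoted-attribute context. */
function h(?string $value): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe inside
    // single-quoted attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from
    // silently turning the whole output into an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable rendering: the stored value is echoed raw, as in the advisory. */
function renderProfileVulnerable(array $row): string
{
    return "<h2>Profile</h2>\n<p>Name: {$row['name_with_initials']}</p>\n";
}

/** Hardened rendering: every user-controlled value is escaped at output time. */
function renderProfileHardened(array $row): string
{
    return "<h2>Profile</h2>\n<p>Name: " . h($row['name_with_initials']) . "</p>\n"
         . '<a href="/profile?id=' . h((string) $row['id']) . '">Edit</a>' . "\n";
}

/** Send a CSP that blocks inline script, so a missed escape yields no execution. */
function sendSecurityHeaders(): void
{
    // script-src 'self' forbids inline <script>, eval() and third-party hosts.
    // Any inline scripts the app relies on must move to files or get a nonce.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
    header('X-Content-Type-Options: nosniff');
}

// --- Constructed sample input: the advisory's PoC payload, as submitted via the form ---
$db = [];                                            // stands in for the MySQL table
$submitted = "<script>alert('XSS-PoC')</script>";    // attacker-controlled field value

// Store the literal text (through a prepared statement in a real app). No HTML
// escaping on the way in: the database keeps what the student typed, and the
// output layer is responsible for making it safe for the context it lands in.
$db[] = ['id' => 7, 'name_with_initials' => $submitted];

if (PHP_SAPI !== 'cli') {
    sendSecurityHeaders();   // headers only make sense when served over HTTP
}

echo "--- vulnerable output (script tag reaches the browser intact) ---\n";
echo renderProfileVulnerable($db[0]);
echo "--- hardened output (angle brackets and quotes become entities) ---\n";
echo renderProfileHardened($db[0]);
```

Two practitioner caveats on the advisory's mitigation list. First, htmlspecialchars() is an HTML-context encoder: a value dropped into a JavaScript string literal, a URL parameter or a CSS value needs the encoder for that context (json_encode() with JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT for script data, rawurlencode() for URL components), so the rule is "escape at output, for the output context", not one function everywhere. Second, escaping before storage rather than at render time tends to double-encode on output and corrupts the value when it is reused outside HTML (CSV exports, e-mails, API responses); keep the stored value literal and escape in the view. The CSP above will break any existing inline scripts in a legacy PHP app until they are moved to files or given a nonce, which is worth testing in report-only mode (Content-Security-Policy-Report-Only) before enforcing.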

Current thread:

  • CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL) Sanjay Singh (Jul 29)

Source: https://seclists.org/fulldisclosure/2025/Jul/28