ByteOS Network

Vulnerability Details :

CVE-2025-5724

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-06 Jun, 2025 | 05:31

Updated At-09 Jun, 2025 | 13:29

SourceCodester Student Result Management System Subjects Page subjects cross site scripting

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:06 Jun, 2025 | 05:31

Updated At:09 Jun, 2025 | 13:29

▼CVE Numbering Authority (CNA)

SourceCodester Student Result Management System Subjects Page subjects cross site scripting

Affected Products

Vendor

SourceCodester

Product

Student Result Management System

Modules

Subjects Page

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Cross Site Scripting
CWE	CWE-94	Code Injection

Type: CWE

CWE ID: CWE-79

Description: Cross Site Scripting

Type: CWE

CWE ID: CWE-94

Description: Code Injection

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.1	2.4	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.0	2.4	LOW	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.0	3.3	N/A	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 2.4

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Version: 3.0

Base score: 2.4

Base severity: LOW

Vector:

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Version: 2.0

Base score: 3.3

Base severity: N/A

Vector:

AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Timeline

Event	Date
Advisory disclosed	2025-06-05 00:00:00
VulDB entry created	2025-06-05 02:00:00
VulDB entry last update	2025-06-05 14:22:04

Event: Advisory disclosed

Date: 2025-06-05 00:00:00

Event: VulDB entry created

Date: 2025-06-05 02:00:00

Event: VulDB entry last update

Date: 2025-06-05 14:22:04

References

Hyperlink	Resource
https://vuldb.com/?id.311244	vdb-entry technical-description
https://vuldb.com/?ctiid.311244	signature permissions-required
https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md	related
https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page	exploit
https://www.sourcecodester.com/	product

Hyperlink: https://vuldb.com/?id.311244

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.311244

Resource:

signature

permissions-required

Hyperlink: https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md

Resource:

Hyperlink: https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page

Resource:

exploit

Hyperlink: https://www.sourcecodester.com/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page	exploit

Hyperlink: https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:06 Jun, 2025 | 06:15

Updated At:10 Jun, 2025 | 14:58

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.8	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	2.4	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Secondary	2.0	3.3	LOW	AV:N/AC:L/Au:M/C:N/I:P/A:N

Type: Secondary

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 2.4

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 2.0

Base score: 3.3

Base severity: LOW

Vector:

AV:N/AC:L/Au:M/C:N/I:P/A:N

CPE Matches

munyweki

>>student_result_management_system>>1.0

cpe:2.3:a:munyweki:student_result_management_system:1.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	cna@vuldb.com
CWE-94	Secondary	cna@vuldb.com
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-94

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md	cna@vuldb.com	Exploit Third Party Advisory
https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page	cna@vuldb.com	Exploit Third Party Advisory
https://vuldb.com/?ctiid.311244	cna@vuldb.com	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.311244	cna@vuldb.com	Third Party Advisory VDB Entry
https://www.sourcecodester.com/	cna@vuldb.com	Product
https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory

Hyperlink: https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md

Source: cna@vuldb.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page

Source: cna@vuldb.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://vuldb.com/?ctiid.311244

Source: cna@vuldb.com

Resource:

Permissions Required

Third Party Advisory

VDB Entry

Hyperlink: https://vuldb.com/?id.311244

Source: cna@vuldb.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://www.sourcecodester.com/

Source: cna@vuldb.com

Resource:

Product

Hyperlink: https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Exploit

Third Party Advisory

CVE-2025-5724

Credits

SourceCodester Student Result Management System Subjects Page subjects cross site scripting

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs