Message-ID: <CAJanCZQm3GGAzBKx0KXajgKPcO2f_+ymSWLkjiT3rJ-k8krPDA@mail.gmail.com>
Date: Tue, 22 Jul 2025 18:16:43 +0530
From: Sanjay Singh <sanjay70023@...il.com>
To: fulldisclosure@...lists.org
Cc: sec@....at
Subject: [FD] CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL)
Hello Full Disclosure community,
I’m sharing details of a recently assigned CVE affecting a widely used
open‑source School Management System (PHP/MySQL).
--------------------------------------------
CVE ID: CVE‑2025‑52187
Vulnerability Type: Stored Cross‑Site Scripting (XSS)
Attack Vector: Remote
Discoverer: Sanjay Singh
Vendor Repository:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL
Version Tested: 1.0
--------------------------------------------
Description:
The application fails to properly sanitize user-supplied input in
`my_profile_update_form1.php` before storing it in the database. When the
stored data is later rendered on pages such as `get_student_profile.php` or
`dashboard1.php`, embedded JavaScript code executes in the context of the
victim’s browser.
Impacts:
• Session hijacking
• Data exfiltration
• Phishing and fake login forms
• Keystroke logging
• Defacement
• Privilege escalation if viewed by an administrator
--------------------------------------------
Proof of Concept (PoC):
1. Log in as a student user.
2. Navigate to the profile update form (`my_profile_update_form1.php`).
3. In an input field (e.g., Name With Initials), inject:
`<script>alert('XSS-PoC')</script>`
4. Submit the form.
5. View the updated profile or dashboard (`get_student_profile.php` or
`dashboard1.php`) to trigger the payload.
--------------------------------------------
Mitigation Recommendations:
• Escape and sanitize all user input before storage/output (e.g., using
htmlspecialchars()).
• Implement a strict Content Security Policy (CSP).
• Perform code reviews and security audits.
Reference:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL
This vulnerability has been responsibly disclosed and assigned
CVE‑2025‑52187. Full write‑up with additional details and mitigations is
available on Medium:
https://medium.com/@sanjay70023/cve-2025-52187-stored-xss-in-school-management-system-php-mysql-79cadcd6340f
If there are any questions or further information required, feel free to
reach out.
Best regards,
Sanjay Singh
Independent Security Researcher
LinkedIn <https://www.linkedin.com/in/sanjay70023/>
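As an added illustration of the mitigation section above (this is not code from the advisory or from the vendor project), a PHP rendering helper that applies htmlspecialchars() with explicit flags at output time and sets a restrictive Content Security Policy; the function names, the profile row markup and the stored sample value are hypothetical, and the sample uses the PoC payload quoted in the advisory as the stored input.

```php
<?php
// Added example (not from the advisory or the vendor project): output
// encoding and CSP for a profile field such as "Name With Initials".
declare(strict_types=1);

// Encode an untrusted value for an HTML text node or a quoted attribute.
// ENT_QUOTES escapes both ' and ", so the value is safe inside attributes
// quoted either way; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string (which would silently drop the whole field);
// the explicit 'UTF-8' charset avoids depending on default_charset.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render one profile row. The vulnerable pattern is echoing $value
// directly into the markup; here every untrusted value goes through e(),
// in the text node and in the attribute alike.
function renderProfileRow(string $label, string $value): string
{
    return '<tr><th>' . e($label) . '</th>'
         . '<td data-value="' . e($value) . '">' . e($value) . '</td></tr>';
}

// Defence in depth: with no 'unsafe-inline' in script-src, an inline
// <script> block is not executed even if an encoding gap remains elsewhere.
// The 'self' sources are a placeholder for the real deployment's origins.
function sendSecurityHeaders(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
    header('X-Content-Type-Options: nosniff');
}

// Constructed sample: a value a student could have stored through the
// profile update form, using the payload quoted in the advisory.
$storedName = "<script>alert('XSS-PoC')</script>";

sendSecurityHeaders();
echo '<table>', PHP_EOL;
echo renderProfileRow('Name With Initials', $storedName), PHP_EOL;
echo '</table>', PHP_EOL;
```

Encoding belongs at the point of output because the same stored value may later be rendered in HTML, JSON or a plain-text export, each with different escaping rules; storing an already HTML-encoded string tends to either double-encode or leave one of those sinks unprotected.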