Cross-Site Scripting Vulnerability in SourceCodester Online Courseware
CVE-2025-0800

5.1 MEDIUM

Key Information:

Vendor
CVE Published: 29 January 2025

Summary

A vulnerability has been identified in SourceCodester Online Courseware 1.0, specifically in the Edit Teacher function found in the file /pcci/admin/saveeditt.php. This flaw arises from improper handling of the 'fname' argument, enabling attackers to execute malicious scripts in the context of another user's session. The vulnerability poses a significant risk as it can be exploited remotely, allowing unauthorized users to inject arbitrary JavaScript into web pages viewed by other users. The publicly disclosed nature of this exploit heightens the urgency for remediation.

Affected Version(s)

Online Courseware 1.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ayush8816 (VulDB User)