Cross-Site Scripting Vulnerability in SourceCodester Student Grades Management System
CVE-2025-11485
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 8 October 2025
Badges
What is CVE-2025-11485?
A cross-site scripting vulnerability exists in the SourceCodester Student Grades Management System 1.0. The flaw is present in the Manage Users Page function add_user located in /admin.php, where inadequate input validation on the parameters first_name and last_name allows remote attackers to inject malicious scripts. This vulnerability can lead to unauthorized actions executed under the user's session or compromise sensitive user data, making it imperative for administrators to apply security measures promptly to safeguard their applications.
Affected Version(s)
Student Grades Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved