Cross Site Scripting Vulnerability in SourceCodester Student Grades Management System 1.0
CVE-2025-13349
5.1 MEDIUM
Key Information:
- Vendor: Sourcecodester
- CVE Published: 18 November 2025
What is CVE-2025-13349?
A cross-site scripting (XSS) vulnerability exists in the Add New Grade component of SourceCodester Student Grades Management System 1.0. The flaw lies in how /grades.php processes the 'Remarks' argument: manipulating this argument allows an attacker to execute arbitrary JavaScript in the context of users' browsers. This could result in unauthorized access to sensitive data or redirection to malicious sites. The vulnerability can be exploited remotely and has been publicly disclosed, which raises serious concerns about the application's security.
Affected Version(s)
Student Grades Management System 1.0
