Exploit for Student Management System Project PHP 1.0 Cross Site Scripting CVE-2020-25955

Name: Exploit for Student Management System Project PHP 1.0 Cross Site Scripting CVE-2020-25955
Rating: 5 (274 reviews)

2020-12-08 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:160398
For CVE-2020-25955:  
  
# Exploit Title: student management system project PHP - Stored cross-site  
scripting  
# Exploit Author: Krishna Yadav  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Link:  
https://www.sourcecodester.com/php/14443/student-management-system-project-php.html  
# Version: 1.0  
# Tested on Windows 10/Kali Linux  
  
Stored cross-site scripting:  
Stored attacks are those where the injected script is permanently stored on  
the target servers, such as in a database, in a message forum, visitor log,  
comment field, etc. The victim then retrieves the malicious script from the  
server when it requests the stored information. Stored XSS is also  
sometimes referred to as Persistent or Type-I XSS.  
  
Attack Vector:  
student management system project version 1.0 is vulnerable to stored XSS.  
Each time while editing the subjects XSS popup will reflect.  
  
Vulnerable Parameter: Add subject tab is vulnerable to stored XSS.