CVE-2025-4469

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4469
A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/Colorado-all/cve/blob/main/Online%20Student%20Clearance%20System/xss-1.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.308088 Permissions Required VDB Entry
https://vuldb.com/?id.308088 Third Party Advisory VDB Entry
https://vuldb.com/?submit.566248 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:senior-walter:online_student_clearance_system:1.0:*:*:*:*:*:*:*
History

16 May 2025, 14:15

Type Values Removed Values Added
Summary A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CWE CWE-94
CWE-79

14 May 2025, 20:54

Type Values Removed Values Added
First Time Senior-walter online Student Clearance System
Senior-walter
CPE cpe:2.3:a:senior-walter:online_student_clearance_system:1.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 2.4 		v2 : unknown
v3 : 5.4
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
References () https://github.com/Colorado-all/cve/blob/main/Online%20Student%20Clearance%20System/xss-1.md - () https://github.com/Colorado-all/cve/blob/main/Online%20Student%20Clearance%20System/xss-1.md - Exploit, Third Party Advisory
References () https://vuldb.com/?submit.566248 - () https://vuldb.com/?submit.566248 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.308088 - () https://vuldb.com/?id.308088 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?ctiid.308088 - () https://vuldb.com/?ctiid.308088 - Permissions Required, VDB Entry

09 May 2025, 07:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-09 07:16

Updated : 2025-05-16 14:15

NVD link : CVE-2025-4469

Mitre link : CVE-2025-4469

JSON object : View

Products Affected

senior-walter

  • online_student_clearance_system
CWE

No CWE.