PT-2022-10231 · Unknown · Student Management System
Published: 2022-07-27 · Updated: 2025-04-22 · CVE-2021-33371
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Student Management System version 1.0
Description
A stored cross-site scripting (XSS) issue in the "/nav bar action.php" API endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. This enables the execution of malicious code on the client-side.
Recommendations
For Student Management System version 1.0, consider disabling the /nav bar action.php endpoint or restricting access to it until a proper fix is applied, and ensure proper input validation and sanitization for the Chat box to prevent malicious payload injection.
Exploit
Fix
XSS
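One way to apply the input validation and sanitization recommendation above to a chat feature, as an added PHP example that is not code from Student Management System. The function names, the `chat_messages` table and the 500-character limit are assumptions; the message is validated on input, stored unmodified through a prepared statement, and HTML-encoded when it is rendered.

```php
<?php
// Added illustration; not code from Student Management System.
// Function names, table name and length limit are hypothetical.
// Requires the mbstring extension.

const CHAT_MAX_LEN = 500;

/** Validate a chat message on input; returns the cleaned text or null if rejected. */
function validate_chat_message(string $raw): ?string
{
    // Reject invalid UTF-8 so that output encoding later is unambiguous.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Drop control characters other than tab, newline and carriage return.
    $text = trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw));
    if ($text === '' || mb_strlen($text, 'UTF-8') > CHAT_MAX_LEN) {
        return null;
    }
    return $text;
}

/** Store the validated text as data; the prepared statement keeps it out of the SQL. */
function store_chat_message(PDO $pdo, int $userId, string $text): void
{
    $stmt = $pdo->prepare('INSERT INTO chat_messages (user_id, body) VALUES (?, ?)');
    $stmt->execute([$userId, $text]);
}

/** Encode at output: every stored message is treated as untrusted when rendered. */
function render_chat_message(string $storedBody): string
{
    $safe = htmlspecialchars($storedBody, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<li class="chat-msg">' . nl2br($safe, false) . '</li>';
}

// Constructed sample input: markup typed into the chat box.
$sample = "hello <script>alert(1)</script>\nsecond line";
$clean = validate_chat_message($sample);
if ($clean !== null) {
    // The markup reaches the page as inert text, not as an element.
    echo render_chat_message($clean), PHP_EOL;
}
```

Encoding at render time also covers messages that were stored before any input validation was in place.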
Weakness Enumeration
Related Identifiers
Affected Products
Student Management System