CVE-2023-2425

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Student Information System version 1.0

Description A problematic issue was found in the system, affecting the /classes/Master.php?f=save course component of the Add New Course feature. The manipulation of the name argument with malicious input, such as <script>alert(document.cookie)</script>, leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For SourceCodester Simple Student Information System version 1.0, as a temporary workaround, consider restricting access to the save course function in the /classes/Master.php file until a patch is available. Avoid using the name argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.