CVE-2022-2767 LOW

CVE-2022-2767: SourceCodester Online Admission System index.php cross site scripting

Vendor Sourcecodester

Product Online Admission System

Weakness CWE-79 · XSS

Published August 11, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in SourceCodester Online Admission System. This affects an unknown part of the file /index.php. The manipulation of the argument student_add leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206163.

Key dates

02Disclosure timeline

August 11, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2767 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-6673 Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributot+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode CVE-2026-42548 Flight: Reflected XSS via unvalidated JSONP callback in Flight::jsonp() CVE-2025-23718 WordPress Mancx AskMe Widget plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-54016 WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability CVE-2024-9388 Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload