CVE-2025-4470 MEDIUM

CVE-2025-4470: SourceCodester Online Student Clearance System add-student.php cross site scripting

Vendor Sourcecodester

Product Online Student Clearance System

Weakness CWE-79 · XSS

Published May 9, 2025

Last update May 9, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Key dates

02Disclosure timeline

May 9, 2025 CVE published

May 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4470 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-51699 WordPress Buooy Sticky Header plugin <= 0.5.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-47850 WordPress Community by PeepSo Plugin <= 6.2.2.0 is vulnerable to Cross Site Scripting (XSS) CVE-2026-1047 salavat counter Plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter CVE-2026-4494 atjiu pybbs TopicApiController.java create cross site scripting CVE-2023-6495 YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated(Administrator+) Cross-Site Scripting