CVE-2025-5727 MEDIUM

CVE-2025-5727: SourceCodester Student Result Management System Announcement Page announcement cross site scripting

Vendor Sourcecodester

Product Student Result Management System

Weakness CWE-79 · XSS

Published June 6, 2025

Last update June 6, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 6, 2025 CVE published

June 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5727

Related vulnerabilities

04Related CVE

CVE-2025-58784 WordPress ARI Fancy Lightbox Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability CVE-2021-36905 WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities CVE-2025-2314 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-30441 WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2020-15177 Unauthenticated Stored XSS in GLPI