🎓 PHP Education Manager – All-in-one platform for schools & colleges! 📚 Courses | 👨🎓 Students | 📂 Resources | 🛠 Admin Panel Simple, smart & scalable education system powered by PHP! 🚀💡
GitHub address: https://github.com/Iqbolshoh/php-education-management
A stored Cross-Site Scripting (XSS) vulnerability exists in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Title field during topic creation or updates. These payloads are stored in the database and executed in administrators' browsers when they view the topics list, enabling session hijacking or unauthorized administrative actions.
The vulnerability originates from two critical flaws in topics.php:

1. Unsanitized database insertion/update. User input from $_POST['title'] is directly stored in the database without sanitization:

This allows arbitrary HTML/JavaScript payloads like </h3><script>alert(1);</script> to be persisted in the lessons table.

2. Unescaped output rendering. When displaying topics, the title is output without escaping:

This renders malicious payloads as executable HTML.
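As an added illustration (not code from the project), the following shows the rendering pattern the report describes beside a hardened version that escapes on output and stores the title through a prepared statement. The function names and the mysqli connection are assumptions; the lessons table, the title field and the sample payload come from the report.

```php
<?php
// Added example, not the project's code. Demonstrates why escaping on output
// neutralises a stored payload. Table and column names are from the report;
// the function names and database handle are assumed.
declare(strict_types=1);

// Escape a value for an HTML text or attribute context.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// VULNERABLE pattern (as described in the report): the stored title is
// interpolated straight into the markup, so any tags it contains are parsed.
function render_topic_unsafe(array $row): string
{
    return "<h3>{$row['title']}</h3>";
}

// FIXED: escaping at the point of output is what stops the stored payload
// from running in the administrator's browser.
function render_topic_safe(array $row): string
{
    return '<h3>' . esc($row['title']) . '</h3>';
}

// FIXED: a parameterised insert keeps the same untrusted input from also
// reaching the SQL layer unescaped (assumed column set: title, description).
function store_topic(mysqli $db, string $title, string $description): void
{
    $stmt = $db->prepare('INSERT INTO lessons (title, description) VALUES (?, ?)');
    $stmt->bind_param('ss', $title, $description);
    $stmt->execute();
    $stmt->close();
}

// Offline demonstration with the payload quoted in the report; no database
// connection is needed for the rendering comparison.
$row = ['title' => '</h3><script>alert(1);</script>'];
echo render_topic_unsafe($row), "\n"; // the <script> element survives as markup
echo render_topic_safe($row), "\n";   // angle brackets become entities; shown as text
```

A quick check after deploying the fix is to create a topic with the same title and confirm the topics list shows the literal tags instead of an alert.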
Payload submitted during topic creation:
POST /admin/topics.php HTTP/1.1
Host: www.education.eek
Content-Length: 84
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=57kdtsvhunk04n4n9u0lbh86vf
Connection: keep-alive
title=%3C%2Fh3%3E%3Cscript%3Ealert%281231%29%3B%3C%2Fscript%3E&description=1&insert=
When admins load topics.php, the script executes: