A stored or reflected cross-site scripting (XSS) vulnerability exists in the STUDENT-MANAGEMENT-SYSTEM project version 1.0 by sambitraj. The flaw resides in an unspecified function on the Dashboard Page, where the Name parameter is not properly sanitized before being rendered in the browser. An attacker with high privileges (PR:H) can inject malicious scripts and trigger them in a victim's browser, potent [truncated]
A vulnerability in the STUDENT-MANAGEMENT-SYSTEM project by sambitraj allows improper access controls through an unknown function in the Dashboard component. The issue affects versions up to commit 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The project operates on a rolling release model without traditional version numbering. Multiple endpoints are affected. The vulnerability was reported to the project vi [truncated]