PatchSiren

yashpokharna2555 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW yashpokharna2555 CVE published 2026-05-25

CVE-2026-9471

A stored cross-site scripting (XSS) vulnerability exists in the StudentManagementSystem project at commit cb2f558ddf8d19396de0f92abf2d224d46a0a203. The vulnerability resides in the /student.php file, where user input supplied in the FIRST_NAME parameter is not properly sanitized, allowing injection of arbitrary web scripts. The attack vector is network-based, requires low privileges, and depends on user interaction. [truncated]

MEDIUM yashpokharna2555 CVE published 2026-05-25

CVE-2026-9470

A SQL injection vulnerability exists in the yashpokharna2555/StudentManagementSystem repository at commit cb2f558ddf8d19396de0f92abf2d224d46a0a203. The vulnerability is located in the `confirm_logged_in` function within `student_trans.php`, where unsanitized user input for `FIRST_NAME`, `Last_Name`, and `EMAIL` parameters is incorporated into SQL queries. The attack vector is network-based with no authent [truncated]