Hello Full Disclosure community,

I’m sharing details of a recently assigned CVE affecting a widely used open‑source School Management System (PHP/MySQL).

--------------------------------------------
CVE ID: CVE‑2025‑52187
Vulnerability Type: Stored Cross‑Site Scripting (XSS)
Attack Vector: Remote
Discoverer: Sanjay Singh
Vendor Repository: https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL
Version Tested: 1.0
--------------------------------------------

Description:
The application fails to properly sanitize user-supplied input in `my_profile_update_form1.php` before storing it in the database. When the stored data is later rendered on pages such as `get_student_profile.php` or `dashboard1.php`, embedded JavaScript code executes in the context of the victim’s browser.

Impacts:
• Session hijacking
• Data exfiltration
• Phishing and fake login forms
• Keystroke logging
• Defacement
• Privilege escalation if viewed by an administrator

--------------------------------------------
Proof of Concept (PoC):
1. Log in as a student user.
2. Navigate to the profile update form (`my_profile_update_form1.php`).
3. In an input field (e.g., Name With Initials), inject:
4. Submit the form.
5. View the updated profile or dashboard (`get_student_profile.php` or `dashboard1.php`) to trigger the payload.

--------------------------------------------
Mitigation Recommendations:
• Escape and sanitize all user input before storage/output (e.g., using htmlspecialchars()).
• Implement a strict Content Security Policy (CSP).
• Perform code reviews and security audits.

Reference:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL

This vulnerability has been responsibly disclosed and assigned CVE‑2025‑52187.

Full write‑up with additional details and mitigations is available on Medium:
https://medium.com/@sanjay70023/cve-2025-52187-stored-xss-in-school-management-system-php-mysql-79cadcd6340f

If there are any questions or further information required, feel free to reach out.

Best regards,
Sanjay Singh
Independent Security Researcher
LinkedIn
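
The first two mitigations above, sketched as an added example that is not part of the original post and is not code from the affected project. The helper names `e()` and `csp_header()`, the column name `name_with_initials`, and the sample row are assumptions made for illustration, as is the unencoded "before" line, which stands in for the rendering pattern the advisory describes.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the project): encode a stored value for an
// HTML text or quoted-attribute context at the point of output.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: CSP value that only allows same-origin scripts and
// inline scripts carrying this response's nonce, so injected inline script
// is blocked even where an encoding call has been missed.
function csp_header(string $nonce): string
{
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'self' 'nonce-{$nonce}'; "
         . "object-src 'none'; base-uri 'none'";
}

// Constructed sample row standing in for a profile record read from MySQL.
// The column name is assumed; the value carries harmless markup and quotes.
$row = ['name_with_initials' => 'A.B. <b title="x">Perera</b> & Sons'];

// A fresh nonce per response; legitimate inline scripts must carry it.
$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI !== 'cli') {
    header(csp_header($nonce));
}

// Before (assumed pattern): the stored value is concatenated into the page
// as-is, so any markup inside it is parsed by the browser.
$unsafe = '<td>' . $row['name_with_initials'] . '</td>';

// After: the same stored value, encoded when it is written into HTML.
$safe = '<td>' . e($row['name_with_initials']) . '</td>';

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```

Encoding at output covers every page that renders the field, including `get_student_profile.php` and `dashboard1.php`, and also neutralises values already stored in the database before the fix.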