CVE-2025-63892
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
A stored cross-site scripting vulnerability was found in SourceCodester Student Grades Management System 1.0. The create_classroom function in /classroom.php fails to sanitize the name/description arguments, allowing script injection.
Risk Assessment
An attacker can inject a persistent script that executes in administrators' and users' browsers, potentially leading to session hijacking, defacement, or data theft.
Recommendation
Immediately update the system to the latest version or implement input filtering (validation and sanitization) for the name and description fields in /classroom.php.
Original NVD description (English source)
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classroom of the file /classroom.php of the component My Classrooms Management Page. This manipulation of the argument name/description causes stored cross site scripting.

