CVE-2021-28424

MEDIUM

Teachers Record Management System 1.0 - XSS

Title source: llm

Description

A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

Exploits (1)

exploitdb WORKING POC

by nhattruong · textwebappsphp

https://www.exploit-db.com/exploits/50019

View Code ZIP pw:eip

References (4)

[Third Party Advisory] https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/

[Exploit, Third Party Advisory] https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50019

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html

Scores

CVSS v3 5.4

EPSS 0.0056

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

phpgurukul/teachers_record_management_system 1.0

Published Jul 01, 2021

Tracked Since Feb 18, 2026