CVE-2021-28424

MEDIUM

Teachers Record Management System 1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-28424. PoCs published by nhattruong.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Teachers Record Management System 1.0 by injecting a malicious script into the 'email' field via a POST request to adminprofile.php. The payload triggers an alert when the page is reloaded, confirming the vulnerability.

Description

A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

Exploits (1)

exploitdb WORKING POC
by nhattruong · text · webapps · php
https://www.exploit-db.com/exploits/50019

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Teachers Record Management System 1.0
Auth required
Prerequisites: Access to admin panel · Valid session cookie
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0131
EPSS Percentile: 66.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): phpgurukul/teachers_record_management_system 1.0
Published: Jul 01, 2021
Tracked Since: Feb 18, 2026