CVE-2022-41445

MEDIUM

Record Management System using CodeIgniter 1.0 - XSS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-41445. PoCs published by RashidKhanPathan.

AI-analyzed exploit summary: This repository contains a writeup describing a stored XSS vulnerability in the Teacher's Record Management System using CodeIgniter 1.0. The vulnerability allows attackers to inject arbitrary JavaScript payloads via the Add Subject page, which execute when viewed in the Profile View section.

Description

A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.

Exploits (1)

nomisec WRITEUP 2 stars
by RashidKhanPathan · poc
https://github.com/RashidKhanPathan/CVE-2022-41445


Classification: Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Teacher's Record Management System using CodeIgniter 1.0
Auth required
Prerequisites: Admin account access · Teacher account access
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 4.8
EPSS 0.0101
EPSS Percentile 58.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
teacher_record_management_system_project/teacher_record_management_system 1.0
Published Nov 22, 2022
Tracked Since Feb 18, 2026