[] NeoSense
E X P L O I T S
title author type platform port cve id

Alumni Management System 1.0 - _Course Form_ Stored XSS

Author: Aakash Madaan
type: webapps
platform: php
port: 
date_added: 2020-12-18 
date_updated: 2020-12-18 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title:  Alumni Management System 1.0 - "Course Form" Stored XSS
# Exploit Author: Aakash Madaan
# Date: 2020-12-10
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS


Step 1. Login to the application with admin credentials

Step 2. Click on the "Course List" page.

Step 3. In the "Course Form" field, use XSS payload
"<script>alert("course")</script>" as the name of new course and click on
save.

Step 4. This should trigger the XSS payload and anytime you click on the
"Course List" page, your stored XSS payload will be triggered.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.