Title: ITSOURCECODE Student Management System 1.0 Improper Neutralization of Alternate XSS Syntax Description: The ITSOURCECODE Student Management System version 1.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Add Student module. Specifically in the Student Profile Picture file upload functionality, the application allows the upload of SVG files without adequate server-side validation or sanitization. SVG is an XML-based format capable of embedding JavaScript, which can lead to a malicious payload being stored and executed when accessed. Key Details: Source: !Website Link Reporter: AS-AbdulSamad (UID 95469) Submission Date: 02/10/2026 Moderation Date: 02/21/2026 Status: Accepted VulDB Entry: 347311 Points: 20