XSS vulnerability in SourceCodester Student Grades Management System (CVE-2025-63892)

# 🔐 Security Advisories by Minhajul Taivin
Welcome to the official repository of my published CVE disclosures.
This repository contains detailed security advisories, proof-of-concept information, mitigation strategies, and technical analysis for vulnerabilities I have discovered.
---
## 📌 Published CVEs
### 1️⃣ **CVE-2025-63892 — Stored XSS in SourceCodester Student Grades Management System**
📄 Advisory: [CVE-2025-63892.md](CVE-2025-63892.md)
A stored XSS vulnerability in the classroom description field allows arbitrary JavaScript execution, session hijacking, and user impersonation.
---
### 2️⃣ **CVE-2025-63883 — DOM-Based XSS in E-commerce Electric-Shop (GitHub Project)**
📄 Advisory: [CVE-2025-63883.md](CVE-2025-63883.md)
Unsafe DOM manipulation in the search functionality permits attacker-controlled JavaScript execution via malicious URLs.
---
### 3️⃣ **CVE-2025-9753 — Reflected XSS in Hospital Management System v4.0**
📄 Advisory: [CVE-2025-9753.md](CVE-2025-9753.md)
Improper input handling in the search box results in reflected XSS, enabling session theft and arbitrary JS execution.
---
## 👨‍💻 About the Researcher
**Minhajul Taivin**
Offensive Security Researcher · Red Team Bangladesh
🔗 https://www.linkedin.com/in/minhajultaivin
Specializing in vulnerability research, offensive security, and secure code analysis.
This repository showcases responsible disclosure efforts and assigned CVEs from MITRE.
---
## 📬 Contact
For vendor communications, responsible disclosure, or collaboration:
- 📧 Email: taivin.oms018@gmail.com
- 🔗 LinkedIn: https://www.linkedin.com/in/minhajultaivin
## ⚠️ Disclaimer
All CVEs listed here have been reported responsibly and assigned by MITRE.
Proof-of-concepts are shared **only for educational and defensive purposes**.
Use of this information for malicious activity is strictly prohibited.
[4.0K] /data/pocs/9965237688dfe5271629eeaed9cf9c9ca2abfb5a
├── [1.6K] CVE-2025-63883.md
├── [1.5K] CVE-2025-63892.md
├── [1.3K] CVE-2025-9753.md
└── [1.9K] README.md
1 directory, 4 files