There is this thing we were able to take at college to get extra UCAS points.

At first I was like "fuck yeah might as well, doesn't seem too hard and its something I like so I wont be distracted"

Long story short, the website was badly designed. I got distracted. And I found out how to get admin rights over my marks (and rest of my project), and perform an xss injection.

Currently waiting for them to reply to my email asking about a bug bounty program.

Seriously guys, make sure you do proper server side checks.