Submit #307450: RosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal noteinfo

TitleRosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal note
DescriptionProduct: RosarioSIS Student Information System Product Link: https://github.com/francoisjacquet/rosariosis/ A vulnerability pertaining to Stored Cross-site Scripting (XSS) has been identified in version 11.5.1 of Rosariosis at modname=School_setup/portalnotes.php. This flaw enables attackers to upload a malicious PDF file containing JavaScript code. Subsequently, this code may be triggered upon viewing the PDF.
Source⚠️ https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a
User
 louay khammassi (ID 67114)
Submission03/30/2024 02:43 AM (6 months ago)
Moderation04/01/2024 06:47 PM (3 days later)
StatusAccepted
VulDB Entry258911
Points20

Do you know our Splunk app?

Download it now for free!