Submit #34400: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
| Title | School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected |
|---|---|
| Description | # Exploit Title: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected # Date: 2022-04-09 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected Summary: ================ School Club Application System (SCAS) in version 1.0 is affected by Cross-site Scripting vulnerability due to poor hygiene in a certain parameter. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities. Severity Level: ================ 6.5 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Product: ================ School Club Application System v1.0 Steps to Reproduce: ================ URL: http://target.com/scas/admin/?page=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E |
| Source | ⚠️ https:/ |
| User | mrempy (ID 24379) |
| Submission | 04/09/2022 17:37 (2 years ago) |
| Moderation | 04/09/2022 20:20 (3 hours later) |
| Accepted | Accepted |
| VulDB Entry | VDB-196751 |