Submit #476897: CampCodes Computer Laboratory Management System 1.0 Stored Cross-Site Scripting (XSS)info

TitleCampCodes Computer Laboratory Management System 1.0 Stored Cross-Site Scripting (XSS)
DescriptionVendor and Product Information: Vendor: CampCodes Product: Computer Laboratory Management System Product URL: https://www.campcodes.com/projects/php/computer-laboratory-management-system/ Confidence: Confirmed Description: The web application has a stored cross-site scripting (XSS) vulnerability in the edit borrower info feature. An attacker can insert malicious JavaScript into the "s_lname" field, which gets displayed when updating borrower details. As a result, when other users view the affected name, the script runs in their browsers, potentially leading to session hijacking, data theft, or other malicious activities.
Source⚠️ https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md
User
 John Correche (UID 79510)
Submission01/08/2025 03:46 AM (1 month ago)
Moderation01/08/2025 06:54 PM (15 hours later)
StatusAccepted
VulDB Entry290829 [CampCodes Computer Laboratory Management System 1.0 /class/edit/edit s_lname cross site scripting]
Points20

Do you know our Splunk app?

Download it now for free!