Title | CampCodes School Management Software 1 Cross Site Scripting |
---|
Description | A Cross-Site Scripting (XSS) vulnerability exists in the "ID Card Title" form field of the "/create-id-card" page. The payload is executed and rendered dynamically when it is entered in the "ID Card Title" form field. We can enter any JavaScript or HTML payload to get it executed in the application; we can even use document.cookie to steal the session cookie.
Cross-Site Scripting (XSS) vulnerabilities can pose significant risks to organizations by enabling attackers to exploit vulnerabilities in web applications. These risks span security, business operations, and customer trust.
Payload:
<img src=x onerror=alert(1)>
<img src=x onerror=alert(document.cookie)> |
---|
Source | https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Cross%20Site%20Scripting.pdf |
---|
User | khukuririmal (UID 80171) |
---|
Submission | 01/13/2025 06:48 PM (2 months ago) |
---|
Moderation | 01/17/2025 09:49 PM (4 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 292493 [Campcodes School Management Software 1.0 Create Id Card Page /create-id-card ID Card Title cross site scripting] |
---|
Points | 20 |
---|