| عنوان | Craig A Rodway classroombookings 2.16.4 Stored Cross-Site Scripting (XSS) |
|---|
| الوصف | A stored cross-site scripting (XSS) vulnerability in Classroom Bookings v2.16.4 allows authenticated users with the Teacher role to inject arbitrary JavaScript via the Display Name field in the profile settings. The malicious payload is stored and executed when the affected data is rendered, leading to execution of attacker-controlled scripts in other users’ browsers. |
|---|
| المصدر | ⚠️ https://github.com/sudo-secure/security-research/blob/main/classroombookings/stored-xss/PoC.md |
|---|
| المستخدم | sudosme (UID 96548) |
|---|
| ارسال | 23/03/2026 01:54 PM (1 شهر منذ) |
|---|
| الاعتدال | 17/04/2026 08:58 AM (25 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358027 [classroombookings حتى 2.17.0 User Display Name layout.php read displayname البرمجة عبر المواقع] |
|---|
| النقاط | 18 |
|---|