Submit #307450: RosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal noteinfo

TitelRosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal note
BeschreibungProduct: RosarioSIS Student Information System Product Link: https://github.com/francoisjacquet/rosariosis/ A vulnerability pertaining to Stored Cross-site Scripting (XSS) has been identified in version 11.5.1 of Rosariosis at modname=School_setup/portalnotes.php. This flaw enables attackers to upload a malicious PDF file containing JavaScript code. Subsequently, this code may be triggered upon viewing the PDF.
Quelle⚠️ https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a
Benutzer
 louay khammassi (UID 67114)
Einreichung30.03.2024 02:43 (vor 2 Jahren)
Moderieren01.04.2024 18:47 (3 days later)
StatusAkzeptiert
VulDB Eintrag258911 [francoisjacquet RosarioSIS 11.5.1 Add Portal Note Cross Site Scripting]
Punkte17

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!