Submit #480306: CampCodes School Management Software 1 Cross Site Scriptinginfo

TitelCampCodes School Management Software 1 Cross Site Scripting
BeschreibungCross-Site Scripting (XSS) vulnerability exists in "ID Card Title" form field of "/create-id-card" page. The payload gets executed and rendered on entering it in the "ID Card Title" form field dynamically. We can enter any javascript or html payload to get it executed in the application, we can even use document.cookie to steal the session cookie. Cross-Site Scripting (XSS) vulnerabilities can pose significant risks to organizations by enabling attackers to exploit vulnerabilities in web applications. These risks span security, business operations, and customer trust. Payload: <img src=x onerror=alert(1)> <img src=x onerror=alert(document.cookie)>
Quelle⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Cross%20Site%20Scripting.pdf
Benutzer
 khukuririmal (UID 80171)
Einreichung13.01.2025 18:48 (vor 1 Jahr)
Moderieren17.01.2025 21:49 (4 days later)
StatusAkzeptiert
VulDB Eintrag292493 [Campcodes School Management Software 1.0 Create Id Card Page /create-id-card ID Card Title Cross Site Scripting]
Punkte20

Do you know our Splunk app?

Download it now for free!