| Titel | https://github.com/ZeroWdd/studentmanager/ https://github.com/ZeroWdd/studentmanager/issues 1.0 Improper Neutralization of Input During Web Page Generation |
|---|
| Beschreibung | There is a stored XSS vulnerability in the leave management module of the Student Manager system. When a low-privilege user submits a malicious payload, an administrator clicking to view it may lead to the compromise of the administrator account. |
|---|
| Quelle | ⚠️ https://www.yuque.com/clockw1se/lts9x9/mxgrzspnzmpxu7e7 |
|---|
| Benutzer | Clock12138 (UID 94875) |
|---|
| Einreichung | 02.02.2026 08:28 (vor 3 Monaten) |
|---|
| Moderieren | 07.02.2026 18:45 (5 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 344904 [ZeroWdd studentmanager bis 2151560fc0a50ec00426785ec1e01a3763b380d9 LeaveController.java addLeave Reason for Leave Cross Site Scripting] |
|---|
| Punkte | 16 |
|---|