| Titel | Craig A Rodway classroombookings 2.16.4 Stored Cross-Site Scripting (XSS) |
|---|
| Beschreibung | A stored cross-site scripting (XSS) vulnerability in Classroom Bookings v2.16.4 allows authenticated users with the Teacher role to inject arbitrary JavaScript via the Display Name field in the profile settings. The malicious payload is stored and executed when the affected data is rendered, leading to execution of attacker-controlled scripts in other users’ browsers. |
|---|
| Quelle | ⚠️ https://github.com/sudo-secure/security-research/blob/main/classroombookings/stored-xss/PoC.md |
|---|
| Benutzer | sudosme (UID 96548) |
|---|
| Einreichung | 23.03.2026 13:54 (vor 26 Tagen) |
|---|
| Moderieren | 17.04.2026 08:58 (25 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 358027 [classroombookings bis 2.17.0 User Display Name layout.php read displayname Cross Site Scripting] |
|---|
| Punkte | 18 |
|---|