Invia #480306: CampCodes School Management Software 1 Cross Site Scriptinginformazioni

TitoloCampCodes School Management Software 1 Cross Site Scripting
DescrizioneCross-Site Scripting (XSS) vulnerability exists in "ID Card Title" form field of "/create-id-card" page. The payload gets executed and rendered on entering it in the "ID Card Title" form field dynamically. We can enter any javascript or html payload to get it executed in the application, we can even use document.cookie to steal the session cookie. Cross-Site Scripting (XSS) vulnerabilities can pose significant risks to organizations by enabling attackers to exploit vulnerabilities in web applications. These risks span security, business operations, and customer trust. Payload: <img src=x onerror=alert(1)> <img src=x onerror=alert(document.cookie)>
Fonte⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Cross%20Site%20Scripting.pdf
Utente
 khukuririmal (UID 80171)
Sottomissione13/01/2025 18:48 (1 Anno fa)
Moderazione17/01/2025 21:49 (4 days later)
StatoAccettato
Voce VulDB292493 [Campcodes School Management Software 1.0 Create Id Card Page /create-id-card ID Card Title cross site scripting]
Punti20

Do you want to use VulDB in your project?

Use the official API to access entries easily!