提出 #34400: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected情報

タイトルSchool Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
説明# Exploit Title: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected # Date: 2022-04-09 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected Summary: ================ School Club Application System (SCAS) in version 1.0 is affected by Cross-site Scripting vulnerability due to poor hygiene in a certain parameter. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities. Severity Level: ================ 6.5 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Product: ================ School Club Application System v1.0 Steps to Reproduce: ================ URL: http://target.com/scas/admin/?page=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
ソース⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html?
ユーザー
 mrempy (UID 24379)
送信2022年04月09日 17:37 (4 年 ago)
モデレーション2022年04月09日 20:20 (3 hours later)
ステータス承諾済み
VulDBエントリ196751 [School Club Application System 1.0 /scas/admin/ page クロスサイトスクリプティング]
ポイント20

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!