Submit #484895: CampCodes School Management Software 1.0 Cross Site Scripting (Information)

Title: CampCodes School Management Software 1.0 Cross Site Scripting

Description:
Vendor and Product Information:
Vendor: CampCodes
Product: School Management Software
Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/
Vulnerability Name: Stored Cross Site Scripting (XSS) - Account Takeover Possibility
Description: The application’s chat interface is vulnerable to Stored Cross Site Scripting Vulnerability. As the cookie security is not in place, a lower privilege user (Student) will be able to chat with the higher privilege user (Admin) and can steal their cookie to perform account takeover.
Payload: <img src=x onerror=alert(document.cookie)>

Source: ⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20Stored%20Cross%20Site%20Scripting-%20Account%20Takeover%20Possibility.pdf
User: khukuririmal (UID 80171)
Submission: 2025-01-18 11:32 (1 year ago)
Moderation: 2025-01-19 20:58 (1 day later)
Status: Accepted
VulDB entry: 292599 [CampCodes School Management Software 1.0 Chat History /chat/group/send message cross site scripting]
Points: 20