| Title | CampCodes School Management Software 1.0 Cross Site Scripting |
|---|
| Description | Vendor and Product Information:
Vendor: CampCodes
Product: School Management Software
Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/
Vulnerability Name: Stored Cross Site Scripting (XSS) - Account Takeover Possibility
Description:
The application's chat interface is vulnerable to Stored Cross Site Scripting. As cookie security is not in place, a lower-privilege user (Student) can chat with a higher-privilege user (Admin) and steal their cookie to perform account takeover.
Payload:
`<img src=x onerror=alert(document.cookie)>` |
|---|
| Source | https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20Stored%20Cross%20Site%20Scripting-%20Account%20Takeover%20Possibility.pdf |
|---|
| User | khukuririmal (UID 80171) |
|---|
| Submission | 2025-01-18 11:32 AM (1 year ago) |
|---|
| Moderation | 2025-01-19 08:58 PM (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 292599 [CampCodes School Management Software 1.0 Chat History /chat/group/send message cross site scripting] |
|---|
| Points | 20 |
|---|
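
The two gaps the description names, unencoded chat output and missing cookie security, can be closed as sketched below. This is an added example, not CampCodes code or part of the original submission; the function names, the `chat-msg` class and the sample row are hypothetical, and it assumes chat messages are rendered server-side in PHP.

```php
<?php
// Added illustration; not taken from the CampCodes code base.
declare(strict_types=1);

/**
 * Cookie hardening: call once, before any output, instead of a bare session_start().
 * HttpOnly keeps document.cookie from exposing the session ID to injected script;
 * Secure and SameSite limit where the cookie is sent at all.
 */
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, discarded when the browser closes
        'path'     => '/',
        'secure'   => true,     // HTTPS only (assumes the site is served over TLS)
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Strict', // not attached to cross-site requests
    ]);
    session_start();
}

/**
 * Output encoding: every stored field is HTML-encoded at render time,
 * so markup saved in a chat message is displayed as text, not parsed as a tag.
 */
function render_chat_message(string $sender, string $message): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

    return '<li class="chat-msg"><b>'
        . htmlspecialchars($sender, $flags, 'UTF-8')
        . '</b>: '
        . htmlspecialchars($message, $flags, 'UTF-8')
        . '</li>';
}

// Constructed sample row standing in for a stored chat record (hypothetical schema).
$row = [
    'sender'  => 'student01',
    'message' => '<img src=x onerror=alert(document.cookie)>',
];

// The angle brackets come out as &lt; and &gt;, so no <img> element is created.
echo render_chat_message($row['sender'], $row['message']), PHP_EOL;
```

Encoding at render time covers messages already stored in the database; the HttpOnly flag limits the account-takeover impact if another unencoded sink remains.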