| Title | CampCodes School Management Software 1.0 Account Takeover Possibility via Stored Cross Site Scripting |
|---|---|
| Description | Vendor and Product Information:<br>Vendor: CampCodes<br>Product: School Management Software<br>Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/<br>Vulnerability Name: Account Takeover Possibility via Stored Cross Site Scripting<br>Description:<br>The application’s calendar module “/academic calendar” is vulnerable to cross site scripting. Teachers can view the calendar module and add an event to the calendar. The same event can then be seen in another teacher’s calendar. Since the calendar module is vulnerable to XSS, one teacher can exploit this vulnerability and potentially steal another teacher’s session cookie to perform account takeover.<br>Payload:<br>`<img src=x onerror=alert(document.cookie)>` |
| Source | https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Stored%20Cross%20Site%20Scripting-%20Teachers%20Account%20Takeover%20Possibility.pdf |
| User | khukuririmal (UID 80171) |
| Submitted | 2025-02-02 12:27 PM (1 year ago) |
| Moderation | 2025-02-10 09:02 AM (8 days later) |
| Status | Accepted |
| VulDB Entry | 295063 [CampCodes School Management Software 1.0 /academic-calendar cross site scripting] |
| Points | 20 |