| 제목 | QDOCS Smart School : School Management System 7.2 Cross Site Scripting |
|---|
| 설명 | A stored cross-site scripting (XSS) vulnerability exists in Smart School: School Management System within the Front Office → Admission Enquiry → Follow-up Admission Enquiry module, accessible via the /admin/enquiry endpoint. The application fails to properly sanitize or encode user-supplied input in the “Note” field. An authenticated low-privileged user (e.g., Receptionist) can inject malicious JavaScript that is stored in the database and executed when the affected record is viewed by higher-privileged users such as Admin or Superadmin. This may result in client-side code execution within the victim’s browser session, potentially leading to information disclosure and unauthorized actions performed with the victim’s privileges. |
|---|
| 원천 | ⚠️ https://github.com/smitp1553/School_management_System/tree/main |
|---|
| 사용자 | Casmit2004 (UID 96320) |
|---|
| 제출 | 2026. 03. 10. PM 05:37 (23 날 ago) |
|---|
| 모더레이션 | 2026. 03. 27. PM 02:48 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353878 [QDOCS Smart School Management System 까지 7.2 Admission Enquiry /admin/enquiry Note 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|