| 제목 | Craig A Rodway classroombookings 2.16.4 Stored Cross-Site Scripting (XSS) |
|---|
| 설명 | A stored cross-site scripting (XSS) vulnerability in Classroom Bookings v2.16.4 allows authenticated users with the Teacher role to inject arbitrary JavaScript via the Display Name field in the profile settings. The malicious payload is stored and executed when the affected data is rendered, leading to execution of attacker-controlled scripts in other users’ browsers. |
|---|
| 원천 | ⚠️ https://github.com/sudo-secure/security-research/blob/main/classroombookings/stored-xss/PoC.md |
|---|
| 사용자 | sudosme (UID 96548) |
|---|
| 제출 | 2026. 03. 23. PM 01:54 (1 월 ago) |
|---|
| 모더레이션 | 2026. 04. 17. AM 08:58 (25 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358027 [classroombookings 까지 2.17.0 User Display Name layout.php read displayname 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 18 |
|---|