| Título | School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected |
|---|
| Descrição | # Exploit Title: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
# Date: 2022-04-09
# Exploit Author: Mr Empy
# Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Linux
Title:
================
School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
Summary:
================
School Club Application System (SCAS) in version 1.0 is affected by Cross-site Scripting vulnerability due to poor hygiene in a certain parameter. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities.
Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Product:
================
School Club Application System v1.0
Steps to Reproduce:
================
URL: http://target.com/scas/admin/?page=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E |
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html? |
|---|
| Utilizador | mrempy (UID 24379) |
|---|
| Submissão | 09/04/2022 17h37 (há 4 anos) |
|---|
| Moderação | 09/04/2022 20h20 (3 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 196751 [School Club Application System 1.0 /scas/admin/ page Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|