| Название | School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected |
|---|
| Описание | # Exploit Title: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
# Date: 2022-04-09
# Exploit Author: Mr Empy
# Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Linux
Title:
================
School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
Summary:
================
School Club Application System (SCAS) in version 1.0 is affected by Cross-site Scripting vulnerability due to poor hygiene in a certain parameter. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities.
Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Product:
================
School Club Application System v1.0
Steps to Reproduce:
================
URL: http://target.com/scas/admin/?page=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E |
|---|
| Источник | ⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html? |
|---|
| Пользователь | mrempy (UID 24379) |
|---|
| Представление | 09.04.2022 17:37 (4 лет назад) |
|---|
| Модерация | 09.04.2022 20:20 (3 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 196751 [School Club Application System 1.0 /scas/admin/ page межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|