Master.php?f=save_course POST form-data parameter name exists stored cross-site scriptinginfo

Title	Simple Student Information System v1.0 /sis/classes/Master.php?f=save_course POST form-data parameter name exists stored cross-site scripting
Description	An issue was discovered in Simple Student Information System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sis/classes/Master.php?f=save_course POST form-data parameter name. Steps to reproduce 1.Go to the admin Login 2.Click on "Course List" and Click on "+ Add New Course". 3.Put Payload into the Course parameter 4.Click on Save 5.Payload will trigger when a user visits on http://localhost/sis/admin/?page=courses
Source	⚠️ https://github.com/sssddc11/bug_report/blob/master/XSS-1.md
User	wangshiyou (UID 45923)
Submission	04/29/2023 05:03 (3 years ago)
Moderation	04/29/2023 09:03 (4 hours later)
Status	Accepted
VulDB entry	227751 [SourceCodester Simple Student Information System 1.0 Add New Course Master.php?f=save_course Name cross site scripting]
Points	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!