Submit #307450: RosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal noteinfo

TitleRosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal note
DescriptionProduct: RosarioSIS Student Information System Product Link: https://github.com/francoisjacquet/rosariosis/ A vulnerability pertaining to Stored Cross-site Scripting (XSS) has been identified in version 11.5.1 of Rosariosis at modname=School_setup/portalnotes.php. This flaw enables attackers to upload a malicious PDF file containing JavaScript code. Subsequently, this code may be triggered upon viewing the PDF.
Source⚠️ https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a
User
 louay khammassi (UID 67114)
Submission03/30/2024 02:43 (2 years ago)
Moderation04/01/2024 18:47 (3 days later)
StatusAccepted
VulDB entry258911 [francoisjacquet RosarioSIS 11.5.1 Add Portal Note cross site scripting]
Points17

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!