| Title | School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected |
|---|
| Description | # Exploit Title: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
# Date: 2022-04-09
# Exploit Author: Mr Empy
# Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Linux
Title:
================
School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
Summary:
================
School Club Application System (SCAS) in version 1.0 is affected by Cross-site Scripting vulnerability due to poor hygiene in a certain parameter. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities.
Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Product:
================
School Club Application System v1.0
Steps to Reproduce:
================
URL: http://target.com/scas/admin/?page=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html? |
|---|
| User | mrempy (UID 24379) |
|---|
| Submission | 04/09/2022 17:37 (4 years ago) |
|---|
| Moderation | 04/09/2022 20:20 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 196751 [School Club Application System 1.0 /scas/admin/ page cross site scripting] |
|---|
| Points | 20 |
|---|