| Title | CampCodes School Management Software 1.0 Cross Site Scripting |
|---|
| Description | Vendor and Product Information:
Vendor: CampCodes
Product: School Management Software
Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/
Vulnerability Name: Stored Cross Site Scripting (XSS)
Description:
The web application has a stored cross-site scripting (XSS) vulnerability in the add photo to image gallery option. A malicious user can insert malicious JavaScript into the "Name" and "Description" form fields and upload an image of their choice. As a result, when other users or normal viewers view the gallery section of the website, the JavaScript payload is triggered and loads a pop-up with any message of the user's choice.
Payload:
<img src=x onerror=alert(1)>
|
|---|
| Source | ⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Stored%20Cross%20Site%20Scripting.pdf |
|---|
| User | khukuririmal (UID 80171) |
|---|
| Submission | 01/14/2025 06:53 (1 Year ago) |
|---|
| Moderation | 01/17/2025 21:50 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 292494 [CampCodes School Management Software 1.0 Photo Gallery Page /photo-gallery Description cross site scripting] |
|---|
| Points | 20 |
|---|
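
The stored "Name" and "Description" values described above reach other visitors because they are written into the gallery markup without output encoding. The following PHP sketch is an added example, not code from CampCodes or from the report: the row layout, the function names (`e`, `render_unsafe`, `render_safe`, `has_raw_tag`) and the sample data are assumptions made for illustration. It renders the same stored rows with and without encoding and reports whether the raw tag survives.

```php
<?php
// Constructed sample rows standing in for stored gallery records (assumed layout).
// The second row carries the payload quoted in the report in both text fields.
$rows = [
    ['name' => 'Sports day', 'description' => 'Annual sports day', 'file' => 'sports.jpg'],
    ['name' => '<img src=x onerror=alert(1)>', 'description' => '<img src=x onerror=alert(1)>', 'file' => 'x.jpg'],
];

// Hypothetical helper: encode a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: stored fields are concatenated into the markup as-is.
function render_unsafe(array $row): string
{
    return '<figure><img src="uploads/' . $row['file'] . '" alt="' . $row['name'] . '">'
         . '<figcaption>' . $row['name'] . ': ' . $row['description'] . '</figcaption></figure>';
}

// Hardened pattern: every stored field is encoded at output time.
function render_safe(array $row): string
{
    return '<figure><img src="uploads/' . e($row['file']) . '" alt="' . e($row['name']) . '">'
         . '<figcaption>' . e($row['name']) . ': ' . e($row['description']) . '</figcaption></figure>';
}

// True when the raw tag from the stored value is still present as markup.
function has_raw_tag(string $html): bool
{
    return strpos($html, '<img src=x') !== false;
}

foreach ($rows as $row) {
    printf(
        "%-10s unsafe_raw_tag=%s safe_raw_tag=%s\n",
        $row['file'],
        var_export(has_raw_tag(render_unsafe($row)), true),
        var_export(has_raw_tag(render_safe($row)), true)
    );
}
```

Encoding at output time also neutralises values that were stored before any input validation was introduced, so existing gallery rows do not need to be rewritten.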