Skicka in #307450: RosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal noteinformation

TitleRosarioSIS RosarioSIS Student Information System v11.5.1 stored XSS at add portal note
DescriptionProduct: RosarioSIS Student Information System Product Link: https://github.com/francoisjacquet/rosariosis/ A vulnerability pertaining to Stored Cross-site Scripting (XSS) has been identified in version 11.5.1 of Rosariosis at modname=School_setup/portalnotes.php. This flaw enables attackers to upload a malicious PDF file containing JavaScript code. Subsequently, this code may be triggered upon viewing the PDF.
Source⚠️ https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a
User
 louay khammassi (UID 67114)
Submission30/03/2024 02:43 (1 År sedan)
Moderation01/04/2024 18:47 (3 days later)
StatusAccepterad
VulDB Entry258911 [francoisjacquet RosarioSIS 11.5.1 Add Portal Note cross site scripting]
Points17

TidigareÖversiktNästa