Description

A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.

Related CPE's

a

web-school

enterprise_resource_planning

5.0

Vulnerable

References

http://web-school.in

Product

https://github.com/0xrayan/CVEs/issues/1

ExploitIssue TrackingThird Party Advisory

https://web-school.in/try-demo/

Product

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-08T12:15:12.650

4 years ago

Last modified

2021-04-13T03:58:52.057

4 years ago