CVE-2021-30113

More information about this CVE will likely be available in a few days.

Description

A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.

Related CPE's

Could not find any relations

References

https://web-school.in/try-demo/

https://github.com/0xrayan/CVEs/issues/1

http://web-school.in

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics