Description

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.

Related CPE's

a

cloudschool_project

cloudschool

3.0.1

Vulnerable

References

https://github.com/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-46087/poc.md

ExploitThird Party Advisory

https://github.com/hrshadhin/school-management-system

Product

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-30T15:15:09.750

2 years ago

Last modified

2023-02-06T21:54:50.580

2 years ago