Описание
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.
Ссылки
- Product
- ExploitIssue TrackingThird Party Advisory
- Product
- Product
- ExploitIssue TrackingThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:web-school:enterprise_resource_planning:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00253
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.
EPSS
Процентиль: 48%
0.00253
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79