Описание
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
Ссылки
- https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.htmlProductThird Party Advisory
- ExploitThird Party Advisory
- https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.htmlProductThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:school_club_application_system_project:school_club_application_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00768
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
EPSS
Процентиль: 73%
0.00768
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79