# Exploit Title: Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS # Exploit Author: Kislay Kumar # Date: 2020-12-18 # Vendor Homepage: https://xeroneit.net/ # Software Link: https://xeroneit.net/portfolio/library-management-system-lms # Affected Version: Version 3.1 # Tested on: Kali Linux Step 1. Login to the application as Admin. Step 2. Select "Book" from menu and click on "Book Category" . Now , click on "Add" Button. Step 3. Insert payload - "><img src onerror=alert(1)> , in "Category Name" and Save it. Step 4. Now you will see an alert box .