Vendor: Faulty Evaluation System
By: Suresh Kumar
CVSS: 5.5 (MEDIUM)
Vulnerability type: Stored Cross-Site Scripting
CWE: 79
Product Name: Faulty Evaluation System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Platforms Tested: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
Year: 2021

Faulty Evaluation System 1.0 – ‘multiple’ Stored Cross-Site Scripting

Faulty Evaluation System 1.0 is vulnerable to stored cross-site scripting (XSS). The 'Student' functionality neither validates nor encodes the 'Firstname', 'Lastname' and 'Middle Name' fields, so whoever can submit the student form can store arbitrary HTML and script in them. The proof-of-concept payload is an anchor element with an onmouseover handler that shows the current user's cookies in an alert. Because the stored values are rendered unencoded on the student list page (http://localhost/evaluation/student/list), the handler fires in the browser of any user who views that list and moves the mouse over the injected link, and it runs with that user's session and privileges; a real attacker would replace the alert with code that exfiltrates the cookie or performs actions as the victim.

Mitigation:

To fix the root cause, every value read from the database must be encoded for the HTML context it is written into when the student list (and any other page that displays these fields) is rendered, for example with htmlspecialchars() using ENT_QUOTES or CodeIgniter's html_escape() helper. Input validation on the name fields is a useful second layer (an allowlist of letters, spaces, apostrophes, dots and hyphens is enough for names), but it does not replace output encoding, because values can reach the database through other paths. As defence in depth, a Content Security Policy that disallows inline script handlers stops this particular payload from executing, and marking session cookies HttpOnly keeps document.cookie from exposing them to any script that does run.
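The encoding and validation fixes described above, as an added example written for this page. It is not code from Faulty Evaluation System 1.0 or its vendor: the row-rendering functions are a hypothetical reconstruction of a student list view, and the function names, the $student array shape and the sample record are assumptions. It places the vulnerable raw interpolation beside the encoded version and adds a name allowlist as the validation layer.

```php
<?php
// Added example for this page; not code from Faulty Evaluation System 1.0.
// The view markup, function names and record layout are assumptions.

// Constructed sample record: what the database would hold after the
// advisory's payload is submitted through the 'Student' form.
$student = [
    'firstname'  => '<a onmouseover="alert(document.cookie)">xxs link</a>',
    'middlename' => 'M',
    'lastname'   => 'Doe',
];

// Vulnerable rendering: the stored value is interpolated raw, so the
// browser parses the <a> element and wires up its onmouseover handler.
function render_student_row_vulnerable(array $s): string
{
    return "<tr><td>{$s['firstname']}</td>"
         . "<td>{$s['middlename']}</td>"
         . "<td>{$s['lastname']}</td></tr>";
}

// Output encoding for HTML text and attribute context. ENT_QUOTES turns
// < > & " ' into entities, so the payload is shown as literal text and
// never becomes markup. CodeIgniter 3's html_escape() wraps the same call.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: every untrusted field goes through e() at the point
// where it is written into the page.
function render_student_row_safe(array $s): string
{
    return '<tr><td>' . e($s['firstname']) . '</td>'
         . '<td>' . e($s['middlename']) . '</td>'
         . '<td>' . e($s['lastname']) . '</td></tr>';
}

// Validation layer: names are restricted to an allowlist of letters
// (any script), combining marks, apostrophes, spaces, dots and hyphens,
// 1 to 50 characters. Reject the request if this returns false. This
// limits what can be stored but does not replace output encoding.
function valid_name(string $value): bool
{
    return preg_match('/^[\p{L}\p{M}\' .-]{1,50}$/u', $value) === 1;
}

echo render_student_row_vulnerable($student), "\n"; // live <a onmouseover=...>
echo render_student_row_safe($student), "\n";       // &lt;a onmouseover=&quot;...
var_dump(valid_name($student['firstname']));        // bool(false)
var_dump(valid_name("O'Brien"));                    // bool(true)
```

Run it with `php example.php`: the first printed row contains a working anchor with its handler, the second contains only entities that the browser displays verbatim. In a CodeIgniter view the equivalent of e() is `<?php echo html_escape($row->firstname); ?>` around every echoed field; the fix is only complete when no code path writes a stored field into a page without going through the encoder.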

Exploit-DB raw data:

# Exploit Title: Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
# Date: 2021-02-16
# Exploit Author: Suresh Kumar
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14710/faulty-evaluation-system-using-phpcodeigniter-source-code.html
# Software: Faulty Evaluation System 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4

# Vulnerable Page: http://localhost/evaluation/student/list
# Vulnerable functionality: 'Student'
# Vulnerable Input Field : {Firstname} {Lastname} {Middle Name}
# Payload used:

<a onmouseover="alert(document.cookie)">xxs link</a>

# POC: Whenever we will go to the page (http://localhost/evaluation/student/list) where the script is injected, the stored script will be executed.
# You will see your Javascript code (XSS) executed.