Vendor: Library Management System
By: Kislay Kumar
CVSS: 8.8 (HIGH)
Type: Stored XSS
CWE: 79
Product Name: Library Management System
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:xeroneit:library_management_system:3.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
Year: 2020

Xeroneit Library Management System 3.1 – ‘Add Book Category’ Stored XSS

A stored XSS vulnerability exists in Xeroneit Library Management System 3.1. An authenticated attacker can inject malicious JavaScript into the 'Category Name' field when adding a new book category. The injected code is stored by the application and executes in the browser of any authenticated user who later loads the page on which the category is displayed.

Mitigation:

Server-side input validation of the 'Category Name' field should be used to prevent malicious code from being stored in the application.
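As an added illustration of that mitigation (a constructed example, not code from Xeroneit LMS), the following Python shows an allow-list check for the 'Category Name' field together with HTML output encoding, and confirms that the payload quoted in the advisory is rejected before storage and, if such a value were ever stored, rendered inert. The function names and the allow-list pattern are assumptions chosen for this example.

```python
import html
import re

# Constructed example, not code from Xeroneit LMS: two complementary
# defences for the 'Category Name' field described in the advisory.

# Allow-list for a book category name: letters, digits, spaces and a few
# punctuation characters. Anything else (including < > " ') is rejected.
# The pattern is an assumption; a real deployment would tune it.
CATEGORY_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 &'./-]{0,63}$")

# The payload quoted in the advisory, used here only as a test input.
ADVISORY_PAYLOAD = '"><img src onerror=alert(1)>'


def validate_category_name(name: str) -> bool:
    """Server-side input validation: True only if the name matches the allow-list."""
    return bool(CATEGORY_NAME_RE.fullmatch(name.strip()))


def store_category(db: list, name: str) -> bool:
    """Simulated save handler: reject invalid names instead of storing them.

    `db` is an in-memory stand-in for the application's database table."""
    if not validate_category_name(name):
        return False
    db.append(name.strip())
    return True


def render_category_row(name: str) -> str:
    """Output encoding: escape the stored value for HTML text and attribute
    contexts regardless of what validation did, so a value that slipped past
    validation still cannot break out of its markup."""
    safe = html.escape(name, quote=True)
    return f'<tr><td data-name="{safe}">{safe}</td></tr>'


if __name__ == "__main__":
    categories: list = []
    print("payload accepted:", store_category(categories, ADVISORY_PAYLOAD))
    print("normal name accepted:", store_category(categories, "Science Fiction"))
    print("rendered payload:", render_category_row(ADVISORY_PAYLOAD))
```

Validation stops the payload at the 'Add' handler; output encoding is the layer that actually prevents script execution and should be applied on every page that displays a stored category name.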

Exploit-DB raw data:

# Exploit Title: Xeroneit Library Management System 3.1 - "Add Book Category" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-18
# Vendor Homepage: https://xeroneit.net/
# Software Link: https://xeroneit.net/portfolio/library-management-system-lms
# Affected Version: Version 3.1
# Tested on: Kali Linux

Step 1. Login to the application as Admin.

Step 2. Select "Book" from the menu and click on "Book Category". Now, click on the "Add" button.

Step 3. Insert the payload "><img src onerror=alert(1)> in "Category Name" and save it.

Step 4. Now you will see an alert box.