header-logo
Suggest Exploit
vendor:
SchoolCMS
by:
VipVince
8,8
CVSS
HIGH
Persistant XSS
79
CWE
Product Name: SchoolCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: a:poweritschools:schoolcms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

SchoolCMS Persistant XSS

A Persistant XSS vulnerability was discovered in the SchoolCMS software by PowerItSchools.com. The vulnerability lies in the eventform.php file, which allows an attacker to enter malicious JavaScript into the form boxes and save the event, which will store and trigger the persistent XSS script.

Mitigation:

The vendor should ensure that all user-supplied input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

Title: SchoolCMS Persistant XSS.
#Date: 03/12/12
#Author: VipVince
#Vendor: www.poweritschools.com
#Google Dork: /old_core/cal/eventform.php
#Tested on: Windows.

This is a Persistant XSS used in the software by many schools.

About 225 results (0.21 seconds) 

The vulnerability lies in the eventform.php file.

Entering your JavaScript into the form boxes and saving the event will store and trigger your persistent XSS script. Simplez. Have fun.

Navigation

Suggest Exploit

Services By CQR