Product: Web-School ERP V 5.0

Description: A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name field and description field. An attacker can inject JavaScript code that is stored in the page. If any visitor views the event, the payload is executed and sends the victim's information to the attacker's website.

Recommendation
1. Ensure that any user input is properly sanitized.
2. Use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.

POC:
As shown below, the output is from the XSS Hunter server.