Description: A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed..
Recommendation
1-Ensure that any user input is properly sanitized
2-Use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur
Product : Web-School ERP V 5.0
Description: A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed..
Recommendation
1-Ensure that any user input is properly sanitized
2-Use
Content Security Policy(CSP) to reduce the severity of any XSS vulnerabilities that still occurPOC : Google Drive
The text was updated successfully, but these errors were encountered: