A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NSchool Club Application System Project School Club Application System
APPSchool Club Application System Project1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
Related vulnerabilities
CVE-2022-29359MEDIUM6.1ten sam produkt
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Ap...
CVE-2022-1287MEDIUM6.5ten sam produkt
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability aff...