CVE-2022-47102: CVE-2022-47102/CVE-2022-47102 at main · sudoninja-noob/CVE-2022-47102
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
> [Suggested description]
> A cross-site scripting (XSS) vulnerability in Student Study Center
> Management System V 1.0 allows attackers to execute arbitrary web
> scripts or HTML via a crafted payload injected into the name parameter.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://phpgurukul.com/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Student Study Center Management System - V 1.0
>
> ------------------------------------------
>
> [Affected Component]
> fromdate
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Steps-To-Reproduce:
> Step 1 - Go to the Product admin panel https://localhost/php-jms/index.php
> Step 2 - Enter default credentials in username and password
> Step 3 - After login see Report option and click on report option
> Step 4 - Fill date in From Date and To Date input area.
> Step 5 - Click submit button and capture request
> Step 6 - put XSS payload in From Date input field with date
> Step 7 - payload execute.
>
> ------------------------------------------
>
> [Reference]
> https://phpgurukul.com/student-study-center-management-system-using-php-and-mysql/
>
> ------------------------------------------
>
> [Discoverer]
> Sanjay Singh
Use CVE-2022-47102
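
A server-side check for the report form's date fields, added here as an example and not taken from the advisory or from the vendor's code: it accepts only an exact calendar date, so a value that carries extra characters after the date is rejected, and it HTML-encodes whatever is echoed back. The function names, the `todate` key, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only an exact YYYY-MM-DD calendar date.
function parse_report_date(string $raw): ?DateTimeImmutable
{
    // \A and \z anchor the whole string, so "date plus trailing text" fails.
    if (preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw) !== 1) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflow dates such as 2022-02-31.
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        return null;
    }
    return $d;
}

// Encode a value for an HTML text node or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical handler: 'fromdate' is the component named in the advisory,
// 'todate' is an assumed name for the second field.
function render_report_heading(array $input): string
{
    $from = parse_report_date((string)($input['fromdate'] ?? ''));
    $to   = parse_report_date((string)($input['todate'] ?? ''));
    if ($from === null || $to === null || $from > $to) {
        return '<p class="error">Invalid date range.</p>';
    }
    // Output is rebuilt from the parsed objects, never from the raw input.
    return '<h2>Report from ' . h($from->format('Y-m-d'))
         . ' to ' . h($to->format('Y-m-d')) . '</h2>';
}

// Constructed sample requests (benign markup stands in for a payload).
$samples = [
    ['fromdate' => '2022-12-01', 'todate' => '2022-12-31'],
    ['fromdate' => '2022-12-01<b>x</b>', 'todate' => '2022-12-31'],
    ['fromdate' => '2022-02-31', 'todate' => '2022-12-31'],
];
foreach ($samples as $s) {
    echo render_report_heading($s), PHP_EOL;
}
```

Only the first sample produces a report heading; the other two return the fixed error message without reflecting any part of the submitted value.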