Headline
CVE-2021-39408: GitHub - StefanDorresteijn/CVE-2021-39408: XSS vulnerability in Online Student Rate System1.0
Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file
CVE-2021-39408
A reflected Cross Site Scripting (XSS) vulnerability exists in multiple version 1.0 of the Online Student Rate System application that allows for arbitrary execution of JavaScript commands.
Vulnerable Page
On index.php, the page parameter is vulnerable, allowing an attacker to include any javascript within script tags:
http://localhost/index.php?page=<script>alert(‘test’);</script>
Discovered by Stefan Dorresteijn, August 2021