Q431010

**Name of the Vulnerable Software and Affected Versions** SchoolCMS version 2.3.1 **Description** An issue was discovered that allows for an XSS vulnerability. The vulnerability can be exploited via the `index.php` endpoint with specific parameters, including `a=Index`, `c=Channel`, `m=Home`, and `viewid` set to malicious input, such as `[XSS]`. **Recommendations** For SchoolCMS version 2.3.1, as a temporary workaround, consider restricting access to the `index.php` endpoint with the specified parameters until a patch is available. Avoid using the `viewid` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SchoolCMS version 2.3.1 **Description** An issue was discovered that allows for an XSS vulnerability. The vulnerability can be exploited via the `index.php` endpoint with specific parameters, including `a=Index`, `c=Channel`, `m=Home`, and `id` set to a malicious input, such as `[XSS]`. **Recommendations** For SchoolCMS version 2.3.1, as a temporary workaround, consider restricting access to the `index.php` endpoint with the parameters `a=Index`, `c=Channel`, `m=Home`, and `id` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.