PT-2021-18605 · Unknown · Web-School Erp

0Xrayan · Published 2021-04-08 · Updated 2021-04-13 · CVE-2021-30111

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Web-School ERP version 5.0

Description: A stored XSS issue exists via the Add Events feature in the event name and description fields, allowing an attacker to inject JavaScript code that will be stored and executed when visitors view the events.

Recommendations: For Web-School ERP version 5.0, consider disabling the Add Events feature until a patch is available to prevent the injection of malicious JavaScript code. Restrict access to the event name and description fields to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-30111

Affected Products

Web-School Erp