PT-2022-13777 · Unknown · School Club Application System
Mrempy · Published 2022-04-09 · Updated 2022-04-15 · CVE-2022-1288
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
School Club Application System version 1.0
Description
An issue has been found in the School Club Application System, affecting the "/scas/admin/" endpoint. Manipulating the page parameter with a specific input leads to reflected cross-site scripting. The attack can be initiated remotely without requiring any form of authentication. The issue has been publicly disclosed.
Recommendations
For School Club Application System version 1.0, consider restricting access to the "/scas/admin/" endpoint until a fix is available. As a temporary workaround, avoid using the page parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
School Club Application System