CVE-2022-29359

Name of the Vulnerable Software and Affected Versions School Club Application System version v0.1

Description A stored cross-site scripting (XSS) issue exists in the /scas/?page=clubs/application form&id=7 endpoint of the School Club Application System, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.

Recommendations For School Club Application System version v0.1, as a temporary workaround, consider restricting access to the /scas/?page=clubs/application form&id=7 endpoint until a patch is available. Avoid using the firstname parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.