PT-2023-14810 · Unknown · Cloudschool
G37Sys73M
+1
·
Published
2023-01-30
·
Updated
2023-02-07
·
CVE-2022-46087
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CloudSchool version 3.0.1
Description
The issue allows a normal user to steal session cookies of admin users through a notification received by the admin user, exploiting a Cross Site Scripting (XSS) weakness.
Recommendations
For CloudSchool version 3.0.1, update to a version that includes a fix for this issue, as no specific workaround is provided in the available information.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloudschool