Alumni Management System 1.0 Cross Site Scripting

CVE: CVE-2020-28071
Category: CWE-79
Price: Varies
Severity: High
Author: Exploit Alert
Risk: High
Exploitation Type: Remote
Date: 2020-12-18
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.098282
EPSSP: 0.65134

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120131

Below is a copy:

Alumni Management System 1.0 Cross Site Scripting
# Exploit Title: Stored XSS on Alumni Management System 
# Date: 23/10/2020
# Exploit Author: Valerio Alessandroni
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Version: 1.0
# Tested on: Ubuntu 18.04
# CVE : CVE-2020-28071
# Description:
After authenticating as admin, an attacker can upload an image to the gallery with an XSS payload in the description textarea named "about", which results in a stored XSS.
# Reproduction:
- Log in as "admin".
- Upload an image in the gallery area of the administration panel, injecting JavaScript code in the textarea called "about".
- The resulting XSS affects the administration panel (e.g. http://127.0.0.1/admin/index.php?page=gallery) and the public gallery (e.g. http://127.0.0.1/index.php?page=gallery).
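
The remediation for the issue described above is to encode the "about" value when it is written into HTML, on both the administration and the public gallery page. The PHP below is an added example, not part of the original advisory or of the application's source; the row layout, the 500-character limit and the function names (render_about_unsafe, render_about_safe, e, validate_about) are assumptions, and the sample row is constructed.

```php
<?php
// Added illustration. Column and helper names are hypothetical and are not
// taken from the Alumni Management System source.

// Constructed sample row, as it would come back from the gallery table
// after markup was saved through the "about" textarea.
$row = [
    'id'    => 7,
    'about' => '<script>alert(1)</script> Reunion 2019',
];

// BEFORE: the stored value is concatenated into HTML unchanged, so any
// markup in "about" is parsed by every browser that loads a gallery page.
function render_about_unsafe(array $row): string
{
    return '<p class="about">' . $row['about'] . '</p>';
}

// AFTER: encode at output time for the HTML context. ENT_QUOTES also makes
// the value safe inside quoted attributes; ENT_SUBSTITUTE stops invalid
// UTF-8 from turning the whole string into ''.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_about_safe(array $row): string
{
    return '<p class="about">' . e($row['about']) . '</p>';
}

// Defence in depth at save time: refuse descriptions that contain markup.
// This is deliberately strict (text such as "a<b" is rejected too) and it
// does not replace output encoding, because rows already stored stay as is.
function validate_about(string $about): bool
{
    return strlen($about) <= 500 && $about === strip_tags($about);
}

echo render_about_unsafe($row), "\n"; // raw markup reaches the page
echo render_about_safe($row), "\n";   // markup is shown as inert text
var_dump(validate_about($row['about']));
var_dump(validate_about('Reunion 2019, main hall'));
```

Because the payload is stored, rows saved before the fix remain in the database; encoding on output neutralises them on both pages without a data migration.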
