Multi Branch School Management System 3.5 - "Create Branch" Stored XSS

🗓️ 22 Dec 2020 00:00:00Reported by Kislay KumarType

exploitdb🔗 www.exploit-db.com👁 217 Views

Create Branch" Stored XSS vulnerability in Multi Branch School Management System 3.

# Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-21
# Google Dork: N/A
# Vendor Homepage: https://www.ramomcoder.com/
# Software Link: https://codecanyon.net/item/ramom-multi-branch-school-management-system/25182324
# Affected Version: 3.5
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Super Admin.

Step 2. Select "Branch" from menu and after that click on "Create Branch".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Branch Name" ,
"School Name" , "Mobile No." , "Currency" , "Symbol" , "City" and "State".

Step 4. Now  Click on "Save" and  you will get a list of alert boxes.

22 Dec 2020 00:00Current

7.4High risk

Vulners AI Score7.4

Multi Branch School Management System 3.5 - &quot;Create Branch&quot; Stored XSS

Multi Branch School Management System 3.5 - "Create Branch" Stored XSS