Stud.IP Cross-Site Scripting Vulnerability

Stud.IP is an open source learning and information management system for universities, education and applications from Sourceforge. A cross-site scripting vulnerability exists in Stud.IP versions prior to 5.3.4, 5.2.6, 5.1.7, and 5.0.9, which stems from the fact that uploadaction, editaction in t...

PT-2024-14038 · Stud.Ip · Stud.Ip

Name of the Vulnerable Software and Affected Versions: Stud.IP versions 5.x through 5.3.3 Description: The issue allows XSS with resultant upload of executable files because upload action and edit action in Admin SmileysController do not check the file extension. This leads to remote code executi...