3 matches found
CVE-2022-29359
CVE-2022-29359 affects School Club Application System v0.1. It describes a stored XSS vulnerability in /scas/?page=clubs/application_form&id=7 (or id=7) where an attacker can inject a crafted payload via the firstname parameter to execute arbitrary web scripts/HTML. The issue is confirmed across ...
CVE-2022-1288
CVE-2022-1288 – School Club Application System 1.0 suffers a reflected cross-site scripting (XSS) vulnerability in the /scas/admin/ page. The issue is triggered by manipulating the page parameter with the payload “%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E”, which can be exploited remotely withou...
CVE-2022-1287
The CVE-2022-1287 entry concerns School Club Application System 1.0. A vulnerability in the handler for POST requests to /scas/classes/Users.php?f=save_user allows privilege escalation. The flaw is exploitable remotely without authentication, and exploitation has been publicly disclosed. This is ...