PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://0day4u.wordpress.com/2018/03/19/student-profile-management-system-script-stored-xss/ | third party advisory exploit |