Stored XSS Vulnerability in Student Management System v1.0 Allows Arbitrary Code Execution via Chat Box

Stored XSS Vulnerability in Student Management System v1.0 Allows Arbitrary Code Execution via Chat Box

CVE-2021-33371 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.

Learn more about our Web App Pen Testing.