Stored XSS Vulnerability in ShinHer StudyOnline System's Message Board

Stored XSS Vulnerability in ShinHer StudyOnline System's Message Board

CVE-2021-42329 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.

Learn more about our User Device Pen Test.