Cross Site Scripting (XSS) vulnerability in CloudSchool v3.0.1 allows session cookie theft through admin user notifications

Cross Site Scripting (XSS) vulnerability in CloudSchool v3.0.1 allows session cookie theft through admin user notifications

CVE-2022-46087 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.

Learn more about our User Device Pen Test.