SchoolCenter URL Handling Cross Site Scripting Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052701 漏洞类型
发布时间 2008-06-06 更新时间 2008-06-06
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008060027
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 SchoolCenter URL Handling Cross Site Scripting Vulnerability


A vulnerability has been identified in SchoolCenter Software, which could be exploited to conduct cross site scripting attacks. Attackers can run arbitrary code that can be executed by the user's browser in the security context of an affected site. Attackers can exploit these issues via a web client.





Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Class: Cross Site Scripting
Remote: Yes
Risk: Medium

Product: SchoolCenter
Vendor: http://www.schoolcenter.net
Version: 8.0 & Previous



http://www.site.com/education/components/docmgr/default.php?sectiondetailid=2179&fileitem=477&catfilter=XSS

http://www.site.com/education/components/docmgr/default.php?sectiondetailid=#XSS

http://www.site.com/education/components/scrapbook/default.php?sectiondetailid=#XSS

http://www.site.com/education/district/district.php?sectiondetailid=#XSS

http://www.site.com/education/admin/XSS

http://www.site.com/education/components/XSS

http://www.site.com/education/components/whatsnew/default.php?sectiondetailid=#XSS