CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
References
Link | Resource |
---|---|
http://casap.com | Vendor Advisory |
http://packetstormsecurity.com/files/161421/CASAP-Automated-Enrollment-System-1.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/49469 | Exploit Third Party Advisory VDB Entry |
https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code | Third Party Advisory |
http://casap.com | Vendor Advisory |
http://packetstormsecurity.com/files/161421/CASAP-Automated-Enrollment-System-1.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/49469 | Exploit Third Party Advisory VDB Entry |
https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:21
Type | Values Removed | Values Added |
---|---|---|
References | () http://casap.com - Vendor Advisory | |
References | () http://packetstormsecurity.com/files/161421/CASAP-Automated-Enrollment-System-1.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/49469 - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code - Third Party Advisory |
Information
Published : 2021-02-09 00:15
Updated : 2024-11-21 06:21
NVD link : CVE-2021-3294
Mitre link : CVE-2021-3294
CVE.ORG link : CVE-2021-3294
JSON object : View
Products Affected
casap_automated_enrollment_system_project
- casap_automated_enrollment_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')