OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
References
| Link | Resource |
|---|---|
| https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md | Exploit Third Party Advisory |
| https://github.com/OS4ED/openSIS-Classic | Product Third Party Advisory |
| https://www.youtube.com/watch?v=aPKPUDmmYpc | Exploit Third Party Advisory |
Configurations
History
30 Sep 2021, 17:41
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
| CPE | cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:* | |
| CWE | CWE-79 | |
| References | (MISC) https://github.com/OS4ED/openSIS-Classic - Product, Third Party Advisory | |
| References | (MISC) https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md - Exploit, Third Party Advisory | |
| References | (MISC) https://www.youtube.com/watch?v=aPKPUDmmYpc - Exploit, Third Party Advisory |
24 Sep 2021, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-09-24 16:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-40310
Mitre link : CVE-2021-40310
CVE.ORG link : CVE-2021-40310
JSON object : View
Products Affected
os4ed
- opensis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')