Vulnerability
CloudSchool v3.0.1 is vulnerable to cross-site scripting (XSS). A normal user can steal the session cookies of admin users through a notification that the admin user receives.
Description
The vulnerability affects CloudSchool v3.0.1, from the GitHub repo hrshadhin/school-management-system. It lets an attacker execute XSS payloads in the session of another user, which may result in cookie theft or the execution of malicious scripts in the victim’s browser.
Attack scenario:
This scenario involves two users. The user “superadmin”, the victim, has all permissions in the application. The user “admin1”, the attacker, has permission only to create, edit and delete employees and users.
The user “admin1” creates an employee whose name is the payload “<script>alert(141)</script>”. After the employee is created, a notification is raised when we log in to the app as the “superadmin” user. Because the input is not sanitized, the JavaScript payload executes in the session of the “superadmin” user. This behavior can be replicated in any scenario where the victim user receives a notification.
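The missing output encoding described above, as an added example that is not CloudSchool's own code: a hypothetical notification renderer in JavaScript, shown in its vulnerable form beside a hardened one. The function names, the markup and the cookie attributes are assumptions made for illustration.

```javascript
// Added example: hypothetical notification renderer, not CloudSchool's code.

// Characters that can change the HTML parsing context, with their entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a stored value for use inside HTML element content or attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored employee name is concatenated as-is,
// so markup in the name becomes markup in the admin's page.
function renderNotificationUnsafe(employeeName) {
  return '<li class="notification">New employee added: ' + employeeName + "</li>";
}

// Hardened pattern: encode at output time, whatever was stored.
function renderNotificationSafe(employeeName) {
  return '<li class="notification">New employee added: ' + escapeHtml(employeeName) + "</li>";
}

// Defense in depth: HttpOnly keeps the session cookie out of document.cookie,
// so an injected script cannot read it even if encoding is missed somewhere.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Review helper: does a rendered fragment still contain a live script element?
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

// Constructed input: the employee name used in the scenario above.
const employeeName = "<script>alert(141)</script>";
console.log(renderNotificationUnsafe(employeeName)); // script element survives
console.log(renderNotificationSafe(employeeName)); // rendered as inert text
console.log(sessionCookieHeader("session_id", "constructed-value"));
```

Encoding belongs at every place the name is rendered, since the same stored value can reach other notification views.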
CVE-ID
CVE-2022-46087
Vendor
hrshadhin/school-management-system
Product
CloudSchool v3.0.1
Disclosure Timeline
Reported On: 25th November 2022
Made Public On: 22nd November 2022
Fixed On: Not Fixed
Credits
Soummya Mukhopadhyay