A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-08T11:12:20

Updated: 2024-08-03T22:24:59.370Z

Reserved: 2021-04-02T00:00:00

Link: CVE-2021-30113

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-08T12:15:12.650

Modified: 2024-11-21T06:03:19.800

Link: CVE-2021-30113

cve-icon Redhat

No data.