CVE-2021-40261 Information

Description

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php; the (3) firstname, (4) class, and (5) status parameters in student_table.php; the (6) category and (7) class_name parameters in add_class1.php; the (8) fname, (9) mname, (10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php; the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php; the (32) status, (33) fname, and (34) lname parameters in add_user.php; the (35) username, (36) firstname, and (37) status parameters in users.php; the (38) fname, (39) lname, and (40) status parameters in save_user.php; and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep, (46) octdec, (47) Students, and (48) users parameters in table_name.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://sisl.lab.uic.edu/projects/chess/casap-automated-enrollment-system/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
