漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
Vulnerability Description
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Web-School ERP 跨站脚本漏洞
Vulnerability Description
Web-School ERP 是印度Web-School公司的一个应用系统。一个ERP应用系统。 School ERP Pro+Responsive 1.0 版本存在跨站脚本漏洞,该漏洞源于 /schoolerp/office_admin/ 页面的 es_bankacc、es_bank_name、es_bank_pin、es_checkno、es_teller_number、dc1、dc2 参数存在跨站脚本漏洞。
CVSS Information
N/A
Vulnerability Type
N/A