Attacker Value: Moderate (1 user assessed)
Exploitability: Moderate (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

CVE-nu11-15-092121

Last updated September 21, 2021
MITRE ATT&CK tactic: Execution
Validation: Validated

Description

The Student Quarterly Grading System (by oretnom23) is vulnerable to stored XSS that allows PHPSESSID hijacking. The vulnerable app is “users”, with the parameters “fullname” and “username”. After successfully compromising the credentials of the admin account, a malicious user can store an XSS payload with which he can take the active PHPSESSID every time he wants to log in to the system with an admin account by using this exploit.

Technical Analysis

CVE-nu11-15-092121

Description:

The Student Quarterly Grading System (by: oretnom23) is vulnerable to XSS – Stored PHPSESSID Hijacking Vulnerable PWNED.
The vulnerable app is “users”, with parameters “fullname” and “username”.
After the successful PWNED of the credentials for the admin account,
the malicious user can store an XSS payload, with which he can take the active PHPSESSID
every time he wants to log in to the system with an admin account by using this exploit.

Reproduce:

href

Proof:

href
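
The mitigation side of the issue described above, as an added example that is not code from the Student Quarterly Grading System or its author: it keeps PHPSESSID unreadable by page scripts and encodes the stored "fullname" and "username" values at output time. The function names, the sample row and the HTTPS deployment are assumptions; passing an options array to `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// 1. Keep PHPSESSID out of reach of injected script. Call before any output.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,     // assumption: the site is served over HTTPS
        'httponly' => true,     // document.cookie can no longer read PHPSESSID
        'samesite' => 'Strict',
    ]);
    session_start();
}

// 2. Encode stored values every time they are written into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. Validate on write: a username has no need for markup characters.
function valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $username) === 1;
}

// 4. Issue a fresh session ID at login so an older ID stops working.
function on_login_success(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Constructed sample row standing in for a record from the "users" app.
$row = ['fullname' => '<b>Constructed</b> "Name"', 'username' => 'admin<i>'];

// Unsafe pattern (markup in the stored value is rendered): echo $row['fullname'];
// Hardened pattern: the same value is emitted as inert text.
echo '<td>' . e($row['fullname']) . '</td>', PHP_EOL;
echo valid_username($row['username']) ? 'username accepted' : 'username rejected', PHP_EOL;
```

Output encoding is the actual fix for the stored XSS; the HttpOnly cookie only limits what a payload that slips through can reach.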
