SourceCodester Simple e-Learning System claire_blake cross site scripting
CVE-2022-2396

3.5LOW

Key Information:

Vendor: Sourcecodester
Status: Simple E-learning System
Vendor: CVE Published:; 14 July 2022

Summary

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input ">alert(document.cookie) leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Version(s)

Simple e-Learning System 1.0

References

https://github.com/CyberThoth/CVE/blob/83c243538386cd0761...

x_refsource_MISC

https://vuldb.com/?id.203779

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2022
Vulnerability Reserved
Jul 13, 2022