Reflected Cross-Site Scripting Vulnerability in OS4ED's openSIS Classic
CVE-2023-38883

6.1MEDIUM

Key Information:

Vendor: Os4ed
Status: Opensis
Vendor: CVE Published:; 20 November 2023

What is CVE-2023-38883?

A reflected cross-site scripting (XSS) vulnerability has been identified in the Community Edition version 9.0 of OS4ED's openSIS Classic. This vulnerability allows remote attackers to inject arbitrary JavaScript into the web browser of a user by manipulating the 'ajax' parameter in 'ParentLookup.php'. If successfully exploited, this could lead to session hijacking or other malicious actions, making it critical for users to implement proper security measures and ensure their software is updated.

References

https://github.com/OS4ED/openSIS-Classic

https://www.os4ed.com/

https://github.com/dub-flow/vulnerability-research/tree/m...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2023
Vulnerability Reserved
Jul 25, 2023

CVE-2023-38883 Data

JSON

Os4ed

What is CVE-2023-38883?

References

CVSS V3.1

Timeline