Reflected Cross-Site Scripting Vulnerability in OS4ED's openSIS Classic
CVE-2023-38883

6.1MEDIUM

Key Information:

Vendor: Os4ed
Status: Opensis
Vendor: CVE Published:; 20 November 2023

What is CVE-2023-38883?

A reflected cross-site scripting (XSS) vulnerability has been identified in the Community Edition version 9.0 of OS4ED's openSIS Classic. This vulnerability allows remote attackers to inject arbitrary JavaScript into the web browser of a user by manipulating the 'ajax' parameter in 'ParentLookup.php'. If successfully exploited, this could lead to session hijacking or other malicious actions, making it critical for users to implement proper security measures and ensure their software is updated.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/OS4ED/openSIS-Classic

https://www.os4ed.com/

https://github.com/dub-flow/vulnerability-research/tree/m...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 20, 2023
Vulnerability Reserved
Jul 25, 2023

JSON

Os4ed

What is CVE-2023-38883?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.