2023-11-20 00:00:00
mitre
PUBLISHED
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4EDs openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the calendar_id, school_date, month or year parameters in CalendarModal.php.