2024-05-13 11:27:26
INCIBE
PUBLISHED
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index /schoolerp/office_admin/ in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.