2025-11-10 09:09:31
INCIBE
PUBLISHED
Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to /online_admission, wich affects the parameters firstname, lastname, guardian_name and others. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her session cookie details.