An attacker can leverage this vulnerability to execute arbitrary SQL commands and gain access to database records. In addition to the SQL injection flaw, this application was found to be vulnerable to a stored cross-site scripting (XSS) issue via the Lab name parameter at /staff/lab.php. This could allow a user to inject arbitrary web code into the application's response. An attacker could pose as a user to inject malicious code into the application's response.
CVE-2018-1234 The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
CVE-2018-1235 The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
CVE-2018-1236 The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
CVE-2018-1237 The lab management system v1.0 was discovered to have a stored cross-site scripting
Software Description:
Lab management system for the University of Toronto
The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
Stored Cross-site Scripting (XSS) Vulnerability
An attacker can exploit this to execute arbitrary web script in a user's browser session.
The lab management system v1.0 was discovered to have a stored cross-site scripting (XSS) vulnerability via the Lab name parameter at /staff/lab.php. An attacker can exploit this to execute arbitrary web script in a user's browser session.
Stored Cross-Site Scripting (XSS) Vulnerabilities
This application was found to be vulnerable to a stored cross-site scripting (XSS) issue via the Lab name parameter at /staff/lab.php. This could allow a user to inject arbitrary web code into the application's response. An attacker could pose as a user to inject malicious code into the application's response.
Timeline
Published on: 08/30/2022 00:15:00 UTC
Last modified on: 09/01/2022 06:58:00 UTC