The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xinheinformation xinhe teaching platform system v2021 |