CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.
CVE-2022-46087 CloudSchool v301 is vulnerable to Cross Site Scripting (XSS) A normal user can steal session cookies of the admin users through notification received by the admin user Reffer to: githubcom/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-46087/pocmd