Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
Apr 23rd 2022
Stored XSS caused by the way long names are summarized.
Proof of Concept
1. First, access the latest version of the demo environment: https://www.rosariosis.org/demonstration/index.php
2. Then log in with your teacher account (teacher/teacher).
3. After logging in, go to the page for adding an assignment.
4. Then enter the assignment's name with a payload that contains more than 37 letters, such as
12345678" onmouseover="alert(origin)
-> A span tag that I can escape from will show up in the student / parent view when they access the assignment lists.
5. Finally, save the assignment.
6. Log in from here with your student's or parent's account.
7. After logging in, open the page that shows the list of assignments: https://www.rosariosis.org/demonstration/Modules.php?modname=misc/Portal.php
-> An alert box will show up when the student tries to open that assignment.
Thank you for reporting the issue. Version 9.0 will escape HTML attributes program wide, so hopefully it is not found anywhere else.
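The pattern this report points at, next to the attribute escaping the maintainer's reply describes, as an added PHP example. It is not RosarioSIS code: the function names, the title attribute and the sample name are assumptions made for illustration; only the 37-letter threshold and the span tag come from the report.

```php
<?php
// Added illustration, not RosarioSIS code. Names longer than MAX_LEN are shortened
// and the full name is kept in a span attribute (assumed here to be title).
const MAX_LEN = 37; // threshold taken from the report's step 4

function summarize_vulnerable(string $name): string
{
    if (mb_strlen($name) <= MAX_LEN) {
        return $name;
    }
    // Bug: the raw name lands inside a double-quoted attribute, so a " in the
    // name closes the attribute and the remainder is parsed as new attributes.
    return '<span title="' . $name . '">' . mb_substr($name, 0, MAX_LEN) . '...</span>';
}

function esc(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function summarize_hardened(string $name): string
{
    if (mb_strlen($name) <= MAX_LEN) {
        return esc($name);
    }
    // Truncate the raw string first, then escape, so no entity is cut in half.
    return '<span title="' . esc($name) . '">' . esc(mb_substr($name, 0, MAX_LEN)) . '...</span>';
}

// Lists the attribute names an HTML parser sees on the first span.
function span_attributes(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('span')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Constructed sample: a long assignment name containing a double quote.
$name = 'Week 12 reading notes" data-injected="set by the assignment name';
foreach (['summarize_vulnerable', 'summarize_hardened'] as $fn) {
    $html = $fn($name);
    echo $fn, ': ', implode(', ', span_attributes($html)), "\n", $html, "\n";
}
```

Comparing the attribute lists printed for the two functions is a quick regression check: any attribute other than the one the template wrote means user input reached the tag unescaped. The example needs the mbstring and dom extensions.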