Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS

EDB-ID:

49292

CVE:

N/A




Platform:

PHP

Date:

2020-12-18


# Exploit Title:  Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-18
# Vendor Homepage: https://xeroneit.net/
# Software Link: https://xeroneit.net/portfolio/library-management-system-lms
# Affected Version: Version 3.1
# Tested on: Kali Linux

Step 1. Login to the application as Admin.

Step 2. Select "Book" from menu and click on "Book Category" . Now , click
on "Add" Button.

Step 3. Insert payload - "><img src onerror=alert(1)> ,  in "Category Name"
and Save it.

Step 4. Now you will see an alert box .