Alumni Management System 1.0 - "Course Form" Stored XSS

ID: 103780
CVE: None
Download vulnerable application: None
# Exploit Title:  
# Exploit Author: Aakash Madaan
# Date: 2020-12-10
# Vendor Homepage:
# Software Link:
# Affected Version: Version 1
# Tested on: Parrot OS

Step 1. Login to the application with admin credentials

Step 2. Click on the "Course List" page.

Step 3. In the "Course Form" field, use XSS payload
"<script>alert("course")</script>" as the name of new course and click on

Step 4. This should trigger the XSS payload and anytime you click on the
"Course List" page, your stored XSS payload will be triggered.
1-4-2 (www01)