jSchool Advanced suffers from a cross site scripting vulnerability.
f20e62d7c06bc1e666526c6b77d65b67caec74a34979725689f573eddaadd9c2
TITLE: jSchool Advanced "action" Cross-Site Scripting
PRODUCT: jSchool Advanced
PRODUCT URL: http://jogjacamp.com/script_4_jSchool_Advanced.html
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/
BUG:
Input passed via the "action" parameter to index.php is not properly sanitised
before being returned to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in context of an affected
site.