Pearson eSIS Enterprise Student Information System contains an XSS vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pearson eSIS Enterprise Student Information System contains a reflected cross-site scripting vulnerability in the /aal/loginverification.aspx page. An attacker is able to load arbitrary script in the context of the user's browser through the data passed to the website.
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
We are currently unaware of a practical solution to this problem.
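With no fix available, reviewing web server logs for markup in requests to the affected page is one way to spot attempts. The following is an added example, not code from this advisory or from Pearson; it assumes IIS W3C extended logs, and the parameter name `msg` and all log lines are constructed, since the advisory does not name the affected parameter.

```python
import re
from urllib.parse import unquote_plus

# Path named in the advisory; compared case-insensitively because IIS paths are.
VULN_PATH = "/aal/loginverification.aspx"

# Markup that has no business in a login request: tags, event handlers, script URLs.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:|[\"']\s*>", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def parse_w3c(lines):
    """Yield one dict per request from IIS W3C extended log lines."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def suspicious_requests(lines):
    """Return (client ip, decoded query) for requests to the page carrying markup."""
    hits = []
    for rec in parse_w3c(lines):
        if rec.get("cs-uri-stem", "").lower() != VULN_PATH:
            continue
        query = fully_decode(rec.get("cs-uri-query", "-"))
        if SUSPICIOUS.search(query):
            hits.append((rec.get("c-ip", "?"), query))
    return hits

# Constructed sample log; the parameter name "msg" is hypothetical.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2014-04-02 08:01:10 192.0.2.10 GET /aal/loginverification.aspx msg=Welcome+back 200
2014-04-02 08:02:44 198.51.100.7 GET /aal/loginverification.aspx msg=%3Cscript%3Ealert(1)%3C/script%3E 200
2014-04-02 08:03:02 198.51.100.7 GET /AAL/LoginVerification.aspx msg=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E 200
2014-04-02 08:03:30 203.0.113.5 GET /default.aspx q=%3Cb%3E 200
""".splitlines()
```

The pattern is a heuristic and will need tuning against legitimate traffic; a hit means the request deserves a look, not that script ran in a browser.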
Thanks to Ali Hussein of help AG middle east for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:|2014-04-01|
|Date Last Updated:|2014-04-01 13:52 UTC|