1. Vulnerability Overview:

2. Description:

A Stored Cross-site Scripting (XSS) vulnerability has been identified in version 11.5.1 of RosarioSIS at modname=School_setup/portalnotes.php. This flaw enables attackers to upload a malicious PDF file containing JavaScript code. Subsequently, this code may be triggered upon viewing the PDF.
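One way to screen uploaded PDFs for the embedded JavaScript described above, as an added example (not RosarioSIS code and not part of the original report). The names `active_content` and `is_safe_upload`, the deny-list, and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# PDF names that carry or trigger active content (hypothetical deny-list).
ACTIVE_NAMES = {b"JS", b"JavaScript", b"OpenAction", b"AA", b"Launch"}
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
MAX_INFLATE = 8 * 1024 * 1024  # cap per stream, guards against zip bombs


def pdf_names(data: bytes) -> set:
    """Collect name tokens, undoing #xx escapes (/J#61vaScript -> JavaScript)."""
    return {ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name)
            for name in NAME_RE.findall(data)}


def active_content(pdf: bytes) -> set:
    """Return the active-content names present in a PDF, as strings."""
    found = pdf_names(pdf) & ACTIVE_NAMES
    # Object streams are normally Flate-compressed, so inflate and rescan.
    for body in STREAM_RE.findall(pdf):
        try:
            inflated = zlib.decompressobj().decompress(body, MAX_INFLATE)
        except zlib.error:
            continue  # not Flate data (image, font, other filter)
        found |= pdf_names(inflated) & ACTIVE_NAMES
    return {name.decode() for name in found}


def is_safe_upload(pdf: bytes) -> bool:
    """Accept only files that look like PDF and carry no active content."""
    return pdf.lstrip().startswith(b"%PDF-") and not active_content(pdf)


# Constructed sample inputs (fragments, not complete renderable PDFs).
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF"
SAMPLE_PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction "
                b"<< /S /J#61vaScript /JS (constructed) >> >>\nendobj\n%%EOF")
HIDDEN = zlib.compress(b"<< /AA << /O << /S /JavaScript /JS (constructed) >> >> >>")
SAMPLE_OBJSTM = (b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
                 b"stream\n" + HIDDEN + b"\nendstream\nendobj\n%%EOF")

if __name__ == "__main__":
    for label, sample in [("clean", SAMPLE_CLEAN), ("plain", SAMPLE_PLAIN),
                          ("objstm", SAMPLE_OBJSTM)]:
        print(label, is_safe_upload(sample), sorted(active_content(sample)))
```

Name scanning is a pre-filter: encrypted PDFs and streams using filters other than Flate are not inspected here, so serving uploaded files as downloads instead of rendering them inline remains the more robust control.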

3. Steps to reproduce:

  1. Craft a malicious PDF file that contains embedded JavaScript code. This is the code that I used to generate the file:
