CVE-2021-40542 Scanner

OpenSIS-Classic Version 8.0 is an open-source school management system. It helps administrators to manage academic records, such as attendance, assessment, schedules, and grading, and generate reports, such as transcripts, progress cards, and certificates, of students in K-12 schools and colleges. OpenSIS-Classic is designed to work on Windows, Linux, or Mac OS and supports MySQL, PostgreSQL, and Oracle as a database management system. OpenSIS-Classic provides a web-based user interface where teachers, students, and parents can access and share information securely. 

CVE-2021-40542 is a security vulnerability that affects OpenSIS-Classic Version 8.0. This vulnerability allows an attacker, who does not have to be authenticated or authorized, to inject malicious scripts into the link_url parameter in Ajax_url_encode.php. This parameter is commonly used in the URL of the page to retrieve data from the server or execute a specific function. The scripts injected by the attacker can be executed by the victim's web browser in the context of the vulnerable web application, which can lead to a cross-site scripting (XSS) attack. 

When this vulnerability is exploited, an attacker can steal sensitive data, such as user credentials, session cookies, or personal information, from the victim's browser and send it to the attacker's server or perform malicious actions, such as redirecting the victim to a phishing page, downloading malware, or defacing the website. The impact of this vulnerability depends on the intention and skill level of the attacker and the sensitivity and volume of the targeted data. 

Security For Everyone is a pro cybersecurity platform that enables users to scan and monitor their digital assets, such as websites, APIs, and mobile apps, for security vulnerabilities and compliance risks. Thanks to the advanced features of Security For Everyone, such as automated scanning, prioritized reporting, and actionable insights, OpenSIS-Classic users can easily and quickly identify and remediate CVE-2021-40542 and other vulnerabilities that threaten their data and reputation. Furthermore, Security For Everyone provides personalized support and training to help users enhance their security posture and reduce their exposure to cyber threats.

REFERENCES

• https://github.com/OS4ED/openSIS-Classic/issues/189