Cyber-III Student-Management-System add%20notice.php 跨站脚本漏洞

该 XSS 漏洞允许攻击者在受影响的 Cyber-III Student-Management-System 中注入恶意脚本。攻击者可以利用此漏洞窃取用户会话 Cookie，从而冒充合法用户执行操作，例如修改学生记录或发布虚假通知。此外，攻击者还可以利用此漏洞重定向用户到恶意网站，进行钓鱼攻击或传播恶意软件。由于该漏洞可以远程利用，且攻击代码已公开，因此潜在影响范围广泛，可能导致严重的安全事件。该漏洞的利用模式类似于其他常见的 XSS 漏洞，攻击者可以利用其进行各种恶意活动。

Organizations utilizing Cyber-III Student-Management-System, particularly those with publicly accessible administrative interfaces, are at risk. Shared hosting environments where multiple users share the same server instance are especially vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.

• generic web: Use curl to test the /admin/Add%20notice/add%20notice.php endpoint with various payloads containing <script> tags. Examine the response for signs of script execution.

curl -X POST -d '<script>alert("XSS")</script>' http://your-target/admin/Add%20notice/add%20notice.php

• generic web: Review access and error logs for unusual patterns or requests containing suspicious characters or script tags. • php: Examine the source code of /admin/Add%20notice/add%20notice.php for inadequate input sanitization of the $SERVER['PHPSELF'] variable.

1. 2026-04-06Disclosure

   disclosure

2. 2026-04-06PoC

   poc

1. 已保留2026-04-06
2. 发布日期2026-04-06
3. EPSS 更新日期2026-04-14

由于 Cyber-III Student-Management-System 采用滚动发布模式，无法直接通过版本升级来修复此漏洞。建议采取以下缓解措施：首先，对 /admin/Add%20notice/add%20notice.php 文件进行严格的安全审查，确保输入验证和输出编码得到正确实现。其次，实施 Web 应用防火墙 (WAF) 或代理服务器，过滤恶意请求，阻止 XSS 攻击。此外，可以考虑对 $SERVER['PHPSELF'] 参数进行限制，只允许预期的值。最后，定期监控系统日志，检测可疑活动，及时发现并响应潜在的攻击。