Authored by Kislay Kumar

Multi Branch School Management System version 3.5 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-21
# Google Dork: N/A
# Vendor Homepage:
# Software Link:
# Affected Version: 3.5
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Super Admin.

Step 2. Select "Branch" from menu and after that click on "Create Branch".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Branch Name" ,
"School Name" , "Mobile No." , "Currency" , "Symbol" , "City" and "State".

Step 4. Now Click on "Save" and you will get a list of alert boxes.