Submit #271724: Codeastro Stock Management System 1 Cross-Site Scripting

Title: Codeastro Stock Management System 1 Cross-Site Scripting

Description:
Project Name: Stock Management System
Vendor: codeastro.com
Project Link: https://codeastro.com/stock-management-system-in-php-with-source-code/
Vulnerability Type: Cross-site Scripting
Affected Parameter: http://localhost/StockManagementSystem/index.php
Severity: Medium

Description: The Stock Management System is vulnerable to a cross-site scripting attack in index.php when an attacker enters a script payload in the "Category Name" and "Category Description" fields of the ADD CATEGORY button in the Categories module. When a user then clicks on the Categories module, the alert prompt pops up.

Exploited Parameter:
- Category Name and Category Description fields of the ADD CATEGORY button in the Categories module.

Payloads Used:
<script>alert("category")</script>
<script>alert("categoryd")</script>

Recommendations:
1. *Input Validation:* Implement strict input validation to prevent XSS injection.
2. *Update System:* Keep the Stock Management System, PHP, and server components up to date with the latest security patches.
3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. *Education:* Train the application developers in secure coding practices, emphasizing input validation and secure database handling.

Timeline:
- Discovery Date: 23/01/2024

Source: https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing
User: Mohammed Aashique (ID 62025)
Submission: 01/23/2024 08:31 (4 months ago)
Moderation: 01/26/2024 18:11 (3 days later)
Status: Accepted
VulDB Entry: 252203
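The report's sink is the category listing that echoes saved "Category Name" and "Category Description" values back into index.php. The following is an added example, not code from the Codeastro project, showing the unescaped rendering pattern next to a hardened version that encodes on output and validates on input; the function names and the row keys `name` and `description` are assumptions.

```php
<?php
// Added example (not the Codeastro project's code). Column names in $row
// and the function names are assumptions made for illustration.
declare(strict_types=1);

// Encode a value for use as HTML text or inside a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern matching the report: stored category fields are
// interpolated straight into the markup, so a saved <script> tag executes
// whenever the Categories module is opened.
function renderCategoryRowUnsafe(array $row): string
{
    return "<tr><td>{$row['name']}</td><td>{$row['description']}</td></tr>";
}

// Hardened pattern: every stored value is encoded at the point it is
// rendered, so the same saved payload is displayed as inert text.
function renderCategoryRowSafe(array $row): string
{
    return '<tr><td>' . h($row['name']) . '</td><td>'
        . h($row['description']) . '</td></tr>';
}

// Defence in depth on the input side (recommendation 1 in the report):
// accept only plain text for a category name. Output encoding above stays
// the primary control, since validation rules change over time.
function validateCategoryName(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} _\-]{1,100}$/u', $name) === 1;
}

// Constructed sample row using the two payloads quoted in the report.
$row = [
    'name'        => '<script>alert("category")</script>',
    'description' => '<script>alert("categoryd")</script>',
];

echo renderCategoryRowUnsafe($row), PHP_EOL; // script tags reach the browser intact
echo renderCategoryRowSafe($row), PHP_EOL;   // angle brackets and quotes are entity-encoded
var_dump(validateCategoryName($row['name'])); // the payload fails the allow-list
```

Run with `php example.php` and compare the two table rows: only the unsafe one contains a literal `<script>` element.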
