| Title | CodeAstro Real Estate Management System 1.0 Stored Cross-Site Script (XSS) |
|---|
| Description | We've discovered that the Real Estate Management System fails to validate user input in the feedback form, making it vulnerable to malicious JavaScript injection.
An attacker could insert malicious code into the feedback form, stored directly in the application's database. When the admin user accesses the feedback section, this code will be executed and pop up the admin cookie. The potential consequences are severe. The attacker could steal sensitive data, hijack admin accounts, vandalize the system, or even spread malware. |
|---|
| Source | ⚠️ https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true |
|---|
| User | Thrill_comrade (ID 62776) |
|---|
| Submission | 01/30/2024 18:58 (3 months ago) |
|---|
| Moderation | 01/31/2024 09:58 (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 252458 |
|---|