Submit #330021: SourceCodester Prison Management System 1.0 Cross Site Scriptinginfo

TitleSourceCodester Prison Management System 1.0 Cross Site Scripting
DescriptionA vulnerability was discovered in SourceCodester Prison Management System 1.0. This issue affects the file /Employee/changepassword.php, where several parameters including txtold_password、txtnew_password and txtconfirm_password are echoed directly into the HTML without proper sanitization or validation. This oversight allows attackers to inject arbitrary JavaScript code into the page, leading to potential cross-site scripting (XSS) attacks.
Source⚠️ https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss3.md
User
 yylm (UID 67976)
Submission05/06/2024 08:09 AM (11 months ago)
Moderation05/08/2024 07:52 AM (2 days later)
StatusAccepted
VulDB Entry263488 [SourceCodester Prison Management System 1.0 changepassword.php cross site scripting]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!