Submit #432236: Project Worlds Simple Web Based Chat Application 1.0 Cross Site Scriptinginfo

TitleProject Worlds Simple Web Based Chat Application 1.0 Cross Site Scripting
Description index.php is vulnerable to the tested XSS payload: %3cIMG%20%22%22%22%3e%3cSCRIPT%3ealert(%22XSS%22)%3c%2fSCRIPT%3e%22%3e. This string is encoded and when decoded, it attempts to inject a script into the webpage: <IMG """"><SCRIPT>alert("XSS")</SCRIPT>"> Application does not properly sanitize or validate the phone_number input, this script could be executed in the user's browser, leading to an XSS attack.
Source⚠️ https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md
User
 jadu101 (UID 70632)
Submission10/26/2024 08:23 PM (2 months ago)
Moderation10/27/2024 08:14 AM (13 hours later)
StatusAccepted
VulDB Entry281984 [Project Worlds Simple Web-Based Chat Application 1.0 /index.php Name/Comment cross site scripting]
Points20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!