Submit #476908: CampCodes DepEd Equipment Inventory System 1.0 Stored Cross-Site Scripting (XSS)info

TitleCampCodes DepEd Equipment Inventory System 1.0 Stored Cross-Site Scripting (XSS)
DescriptionVendor and Product Information: Vendor: CampCodes Product: DepEd Equipment Inventory System Product URL: https://www.campcodes.com/projects/php/deped-equipment-inventory-system-using-php-mysqli-free-download/ Confidence: Confirmed Description: The web application has a stored cross-site scripting (XSS) vulnerability in the add employee feature. An attacker can insert malicious JavaScript into the "data" field. As a result, when other users view the affected employee, the script runs in their browsers, potentially leading to session hijacking, data theft, or other malicious activities.
Source⚠️ https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20DepEd%20Equipment%20Inventory%20System.md
User
 John Correche (UID 79510)
Submission01/08/2025 04:17 AM (1 month ago)
Moderation01/08/2025 09:39 PM (17 hours later)
StatusAccepted
VulDB Entry290861 [CampCodes DepEd Equipment Inventory System 1.0 /data/add_employee.php data cross site scripting]
Points20

Interested in the pricing of exploits?

See the underground prices here!