Title | Needyamin Library-Card-System 1.0 Stored Cross Site Scripting |
---|
Description | Title of the Vulnerability: Library-Card-System | Stored Cross Site Scripting In signup.php |
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Stored Cross Site Scripting
Product Name: Library-Card-System
Vendor: Needyamin
Type: Library-Card-System
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Vendor Link: https://github.com/needyamin/
Affected Components: /signup.php
In Short:
Stored Cross Site Scripting vulnerability found by Maloy Roy Orko at /signup.php in Library-Card-System 1.0 (vendor: Needyamin). The sign-up fields in /signup.php do not validate or sanitize user input, and there is no defense against XSS, so the fields can be used to execute malicious JavaScript.
Suggested Description:
Stored Cross Site Scripting in "/signup.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "To Execute Malicious JavaScript Commands Because User Can Register With XSS Payloads & JavaScript Codes" via "/admindashboard.php & card.php".
Attack Vectors:
To exploit the vulnerability, an attacker has to register with XSS payloads in sign-up fields such as name and book in /signup.php. The attacker's JavaScript then executes in /admindashboard.php and /card.php.
Detailed Blog:
https://www.websecurityinsights.my.id/2025/01/library-card-system-stored-cross-site.html?m=1
|
---|
Source | https://www.websecurityinsights.my.id/2025/01/library-card-system-stored-cross-site.html?m=1 |
---|
User | MaloyRoyOrko (UID 79572) |
---|
Submission | 01/20/2025 03:13 AM (5 months ago) |
---|
Moderation | 01/29/2025 04:38 PM (10 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 294001 [needyamin Library Card System 1.0 Registration Page signup.php firstname/lastname/email/borrow/user_address cross site scripting] |
---|
Points | 20 |
---|
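
The fix pattern for the flaw described above, as an added example that is not code from Library-Card-System or from the submission: validate the sign-up fields before storing them, and encode every stored value when a card or admin view prints it. The field names are taken from the VulDB entry title; the helpers `validate_signup`, `e` and `render_card_row` and the sample record are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Field names come from the VulDB entry title; everything else is hypothetical.
const SIGNUP_FIELDS = ['firstname', 'lastname', 'email', 'borrow', 'user_address'];

// Input side: reject values that do not fit the field before storing them.
function validate_signup(array $input): array
{
    $errors = [];
    foreach (SIGNUP_FIELDS as $name) {
        $value = trim((string) ($input[$name] ?? ''));
        if ($value === '' || strlen($value) > 255) {
            $errors[$name] = 'missing or too long';
        } elseif ($name === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$name] = 'not a valid e-mail address';
        } elseif ($name !== 'email' && preg_match('/[<>]/', $value) === 1) {
            $errors[$name] = 'contains markup characters';
        }
    }
    return $errors;
}

// Output side: encode every stored value for the HTML context it lands in.
// This is the control that matters for rows already saved without validation.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stand-in for the table row a card or admin view would print.
function render_card_row(array $member): string
{
    $cells = '';
    foreach (SIGNUP_FIELDS as $name) {
        $cells .= '<td>' . e((string) ($member[$name] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed record, as it could already sit in the database.
$stored = [
    'firstname' => '<script>alert(1)</script>', 'lastname' => 'Example',
    'email' => 'reader@example.com', 'borrow' => '"><img src=x onerror=alert(1)>',
    'user_address' => '12 Example Road',
];

print_r(validate_signup($stored));      // per-field validation errors
echo render_card_row($stored), PHP_EOL; // row with stored values HTML-encoded
```

Validation alone is not sufficient, since values stored before the check was added are still in the database; the encoding step in the views is what keeps them from being interpreted as markup.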