Submit #49603: Sanitization Management System v1.0 Stored Cross Site Scripting
Title | Sanitization Management System v1.0 Stored Cross Site Scripting |
---|---|
Description | In Sanitization Management System v1.0, several parameters do not have sufficient input sanitization, which led to successful execution of cross-site scripting payloads. Affected parameters: (1) name (endpoint: /php-sms/classes/SystemSettings.php); (2) shortname (endpoint: /php-sms/classes/SystemSettings.php); (3) message (endpoint: /php-sms/classes/Master.php). Affected sinks: (1) the entire application, for /php-sms/classes/SystemSettings.php; (2) /php-sms/admin/?page=inquiries/view_inquiry, for /php-sms/classes/Master.php. References: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html |
User | jiajian (ID 34329) |
Submission | 10/23/2022 18:59 (2 years ago) |
Moderation | 10/24/2022 07:40 (13 hours later) |
Accepted | Accepted |
VulDB Entry | VDB-212015 |