| عنوان | PHPGurukul Land Record System 0.0.1 Cross Site Scripting |
|---|
| الوصف | In the directory '/landrecordsys/admin/contactus.php' in admin account, there is an unrestricted cross-site scripting (XSS) vulnerability and injection attacks in the "Land Record System" system on the 'Page Description' parameter. This function will execute the user parameter without restriction. Malicious attackers can exploit this vulnerability to obtain sensitive information from clients.
script: "><img src=x onerror=alert(document.cookie)>"</b> |
|---|
| المصدر | ⚠️ https://phpgurukul.com/land-record-system-using-php-and-mysql/ |
|---|
| المستخدم | Fergod (UID 55882) |
|---|
| ارسال | 30/12/2024 05:26 PM (1 سنة منذ) |
|---|
| الاعتدال | 31/12/2024 09:58 AM (17 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289834 [PHPGurukul Land Record System 1.0 /admin/contactus.php Page Description البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|