| Field | Value |
|---|---|
| Title | sourcecodester Barangay Population Monitoring System 1.0 Stored XSS |
| Description | The Barangay Population Monitoring System by SourceCodester is vulnerable to stored cross-site scripting (XSS) through its `/endpoint/update-resident.php` component. The application does not sanitize or encode user input for the `full_name` field, so an attacker can submit a crafted `full_name` value such as `<img src=x onerror=alert('NoChizPlZ')>`. Because the value is stored, it is later rendered into pages viewed by other users, where the injected JavaScript runs in their browser session. This can lead to session hijacking, redirection to phishing sites, or unauthorized access to sensitive information. The linked proof of concept shows how the payload is submitted; preventing the issue requires input validation and context-appropriate output encoding. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Barangay%20Population%20Monitoring%20System/Stored%20XSS%20update-resident.php%20.md |
| User | nochizplz (UID 64302) |
| Submission | 28/02/2024 01:50 PM (2 years ago) |
| Moderation | 01/03/2024 08:04 AM (2 days later) |
| Status | Approved |
| VulDB Entry | 255380 [SourceCodester Barangay Population Monitoring System up to 1.0 update-resident.php full_name cross site scripting] |
| Points | 20 |
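The following is an added illustration of the sink class described above, not code from the SourceCodester project or from the submitter's proof of concept. It models a `full_name` value being rendered into HTML in the unencoded way the advisory describes, beside the encoded form that neutralizes the quoted payload. The function names, the `<td>` and `<input>` markup and the sample input are assumptions made for the example.

```php
<?php
// Added example, not the application's own code. It models the described
// stored-XSS sink: a resident's full_name is saved, then echoed into HTML.
// Function names and surrounding markup are assumptions.

// Constructed sample input: the payload quoted in the advisory.
$submitted = "<img src=x onerror=alert('NoChizPlZ')>";

// Vulnerable pattern (assumed): the stored value is interpolated into HTML
// text with no encoding, so the <img> tag and its onerror handler are parsed
// as markup by every browser that loads the page.
function render_vulnerable(string $fullName): string
{
    return "<td>$fullName</td>";
}

// Hardened pattern for HTML text context: encode at the output point.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE keeps invalid UTF-8
// from silently dropping the whole string.
function render_safe_text(string $fullName): string
{
    $encoded = htmlspecialchars($fullName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<td>$encoded</td>";
}

// Hardened pattern for an attribute context (an edit form that pre-fills the
// stored name): same encoding, and the attribute value must be quoted so a
// space in the name cannot start a new attribute.
function render_safe_attr(string $fullName): string
{
    $encoded = htmlspecialchars($fullName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input name=\"full_name\" value=\"$encoded\">";
}

// Optional input-side check (assumed policy, not the project's): a person's
// name has no reason to contain angle brackets or quotes, so rejecting them
// on the way in is cheap defense in depth. It does not replace output
// encoding, which is what actually prevents the stored payload from executing.
function full_name_is_plausible(string $fullName): bool
{
    return preg_match('/^[\p{L}\p{M} .\'-]{1,100}$/u', $fullName) === 1
        && !str_contains($fullName, '<');
}

echo render_vulnerable($submitted), PHP_EOL;
echo render_safe_text($submitted), PHP_EOL;
echo render_safe_attr($submitted), PHP_EOL;
echo full_name_is_plausible($submitted) ? "accepted" : "rejected", PHP_EOL;
```

Run with `php example.php`. The first line reproduces the advisory's condition: the `<img>` element reaches the browser intact and its `onerror` handler fires. The encoded lines contain `&lt;`, `&gt;` and `&#039;` in place of `<`, `>` and `'`, so the same stored string is displayed as literal text. The plausibility check rejects the payload because it contains `<`, `(` and `=`, none of which the name pattern allows.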