| عنوان | SourceCodester Prison Management System 1.0 Cross Site Scripting |
|---|
| الوصف | A vulnerability has been discovered in SourceCodester Prison Management System 1.0. This issue affects the file /Employee/edit-profile.php and /Employee/profile.php, where several parameters including txtfullname, txtdob, txtaddress, txtqualification, cmddept, cmdemployeetype, and txtappointment are echoed directly into the HTML without proper sanitization or validation. This oversight allows attackers to inject arbitrary JavaScript code into the page, leading to potential cross-site scripting (XSS) attacks. |
|---|
| المصدر | ⚠️ https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss.md |
|---|
| المستخدم | yylm (UID 67976) |
|---|
| ارسال | 05/05/2024 08:47 AM (2 سنوات منذ) |
|---|
| الاعتدال | 05/05/2024 09:07 AM (21 minutes later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 263116 [SourceCodester Prison Management System 1.0 edit-profile.php البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|