إرسال #399338: SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntaxالمعلومات

عنوانSourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax
الوصفA Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in index.html line 105 ``` <thead> <tr> <th scope="col">Contact ID</th> 105 <th scope="col">Name</th> <th scope="col">Phone Number</th> <th scope="col">Email</th> <th scope="col">Action</th> </tr> </thead> ``` is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability Step to reporduce: 1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html Download and setup this project 2. navigate to URL 3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field 4. Submit and Observe the XSS (advisory link add after CVE assignment)
المستخدم
 guru (UID 74056)
ارسال28/08/2024 06:04 PM (2 سنوات منذ)
الاعتدال30/08/2024 07:43 AM (2 days later)
الحالةتمت الموافقة
إدخال VulDB276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name البرمجة عبر المواقع]
النقاط17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!