| عنوان | https://www.sourcecodester.com/php/17847/employee-management-sys Employee Management System 1.0 Cross Site Scripting (XSS) |
|---|
| الوصف | In the `employee.php` page, when adding an employee, the `Full Name` field of the `employee` does not properly filter or validate user input. An attacker can exploit this vulnerability by injecting malicious scripts, such as `<script>alert('xss')</script>`. These scripts are stored in the database and rendered/executed every time the `employee.php` page is accessed, leading to a cross-site scripting (XSS) attack.
This vulnerability is a stored XSS attack, where attackers can store malicious scripts in the database to affect other users over an extended period. This could potentially lead to session hijacking, page content tampering, or other malicious actions. This issue needs to be addressed promptly to prevent data leakage and unauthorized page modifications. |
|---|
| المصدر | ⚠️ https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md |
|---|
| المستخدم | lxk_ (UID 81990) |
|---|
| ارسال | 26/02/2025 09:02 AM (1 سنة منذ) |
|---|
| الاعتدال | 03/03/2025 07:40 PM (5 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 298425 [SourceCodester Employee Management System 1.0 employee.php Full Name البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|