| Title | PHPGurukul Human Metapneumovirus (HMPV) – Testing Management System 1.0 Cross Site Scripting |
|---|
| Description | There is a Cross-Site Scripting (XSS) vulnerability on the `registered-user-testing.php` page. Although the front-end restricts the `regmobilenumber` input to numbers only, the back-end fails to validate, filter, or encode the output of this parameter.
Attackers can construct a malicious URL by setting the `regmobilenumber` parameter to `<script>alert("xss")</script>` and adding `search=Search` to simulate a search, bypassing the front-end restriction. When users visit the URL with these malicious parameters, the page will execute the script, triggering an "xss" alert box.
This high-risk vulnerability allows attackers to create sophisticated malicious scripts to steal users' session credentials and login information, redirect the page to malicious websites, or perform other malicious actions, severely threatening user privacy and system security. |
|---|
| Source | https://github.com/sorcha-l/cve/blob/main/Human%20Metapneumovirus%20(HMPV)%20%E2%80%93%20Testing%20Management%20System%20%20XSS%20in%20registered-user-testing.php.md |
|---|
| User | lxk_ (UID 81990) |
|---|
| Submission | 06/03/2025 10:56 AM (1 year ago) |
|---|
| Moderation | 16/03/2025 02:18 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 299870 [PHPGurukul Human Metapneumovirus Testing Management System 1.0 Registered Mobile Number Search registered-user-testing.php regmobilenumber cross site scripting] |
|---|
| Points | 20 |
|---|
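
The description attributes the flaw to two missing back-end controls: server-side validation of `regmobilenumber` and output encoding when it is echoed. The following is an added example, not code from the PHPGurukul application or from the linked report, showing both controls together; the function names, the 10-digit length rule and the heading markup are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: enforce the "numbers only" rule on the server,
// since the front-end restriction is bypassed by a crafted URL.
function validMobileNumber(string $raw): ?string
{
    $value = trim($raw);
    // Digits only; the exact length (10) is an assumption for this example.
    return preg_match('/\A[0-9]{10}\z/', $value) === 1 ? $value : null;
}

// Encode for an HTML text or quoted-attribute context.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical rendering of the search heading from the query string.
function renderSearchHeading(array $query): string
{
    if (!isset($query['search'], $query['regmobilenumber'])
        || !is_string($query['regmobilenumber'])) {
        return '';
    }
    $mobile = validMobileNumber($query['regmobilenumber']);
    if ($mobile === null) {
        // Rejected input is never reflected back into the page.
        return '<p>Invalid mobile number.</p>';
    }
    // Encode even validated values, so a later change to the
    // validation rule cannot reintroduce the reflection.
    return '<h4>Result for "' . encodeForHtml($mobile) . '"</h4>';
}

// Constructed sample requests: one legitimate, one using the value
// quoted in the description above.
$samples = [
    ['regmobilenumber' => '9876543210', 'search' => 'Search'],
    ['regmobilenumber' => '<script>alert("xss")</script>', 'search' => 'Search'],
];
foreach ($samples as $query) {
    echo renderSearchHeading($query), PHP_EOL;
}

// What encoding alone does to the same value: it renders as inert text.
echo encodeForHtml('<script>alert("xss")</script>'), PHP_EOL;
```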