| عنوان | itsourcecode Online Petshop Management System 1 Stored XSS in Admin Dashboard Triggered by Customer Orders |
|---|
| الوصف | The Petshop Online Website is vulnerable to Stored Cross-Site Scripting (XSS) via the order submission form. If a visitor submits an order with a malicious payload in the name or address fields, the input is stored in the database (tblorders) and later displayed directly on the admin dashboard without sanitization or escaping. As a result, the payload executes immediately in the admin’s browser when they view the new order. This allows an attacker to execute arbitrary JavaScript in the context of the admin user, potentially stealing cookies, performing actions on behalf of the admin, or manipulating dashboard content. The vulnerability exists because user input is stored and reflected without validation or output encoding. |
|---|
| المصدر | ⚠️ https://github.com/drew-byte/Online-Pet-Shop-Management-System_AdminDashboard_Stored-XSS-PoC/blob/main/README.md |
|---|
| المستخدم | drewbyte (UID 89075) |
|---|
| ارسال | 09/09/2025 09:39 AM (9 أشهر منذ) |
|---|
| الاعتدال | 17/09/2025 02:12 PM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 324661 [itsourcecode Online Petshop Management System 1.0 Admin Dashboard availableframe.php name/address البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|