| عنوان | projectworlds Visitor Management System V 1.0 Cross Site Scripting |
|---|
| الوصف | During the security assessment of "Visitor Management System Project in PHP MySQL", a Cross-Site Scripting (XSS) vulnerability was identified in "/Visitor Management System in PHP/myform.php".
The vulnerability arises because the system fails to properly handle user-controlled input (or DOM element data) associated with the "": when attackers submit content containing malicious JavaScript code, the system does not filter, encode, or escape the code before rendering it into the front-end HTML. When other users (including privileged users such as administrators) access the affected page or interact with the affected element, the malicious code is executed in their browsers under the context of the current domain.
This issue can be exploited with low attack costs (no complex technical barriers) and may affect a large number of users if the affected page is publicly accessible or widely used, posing a significant threat to user account security and system data confidentiality. |
|---|
| المصدر | ⚠️ https://github.com/tddgns/cve/issues/2 |
|---|
| المستخدم | tddgns (UID 90187) |
|---|
| ارسال | 21/09/2025 02:42 PM (7 أشهر منذ) |
|---|
| الاعتدال | 26/09/2025 02:04 PM (5 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 326106 [Projectworlds Visitor Management System 1.0 Add Visitor Page /myform.php الأسم البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|