| عنوان | SourceCodester Web-based Pharmacy Product Management System 1.0 Cross Site Scripting |
|---|
| الوصف | A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Web-based Pharmacy Product Management System version 1.0. The vulnerability affects the profile update functionality in edit-profile.php, specifically the "fullname" parameter.
The application does not properly sanitize or encode user-supplied input before storing it in the database. An authenticated attacker can inject malicious JavaScript into the fullname field. The payload is stored persistently and rendered within the global application layout (e.g., header or navigation area).
As a result, the injected script executes automatically on every page load across the application after profile modification. Successful exploitation allows execution of arbitrary JavaScript in the context of authenticated users, potentially leading to session hijacking, privilege escalation, and unauthorized actions. |
|---|
| المصدر | ⚠️ https://gist.github.com/Denilxavier/6b21cb788f7f545179286f6c44989448 |
|---|
| المستخدم | Denil Xavier (UID 95932) |
|---|
| ارسال | 26/02/2026 04:39 PM (2 أشهر منذ) |
|---|
| الاعتدال | 07/03/2026 09:51 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 349744 [SourceCodester Web-based Pharmacy Product Management System 1.0 edit-profile.php fullname البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|