| Title | projectworlds Lawyer Management System v1.0 Cross Site Scripting |
|---|---|
| Description | During a security assessment of the Lawyer Management System, a stored cross-site scripting (XSS) vulnerability was discovered in the lawyer registration functionality. The application fails to validate or sanitize the `first_Name` input field during registration, and subsequently outputs this data unsanitized on the public `/lawyers.php` page. An attacker can register as a lawyer with a malicious payload in the first name field. Once the account is activated (or automatically activated), any visitor – including administrators and other users – who browses the lawyer list will trigger the payload. This can lead to complete compromise of user sessions and sensitive data exposure. |
| Source | https://github.com/eqiya17/collection-of-vulnerability/issues/1 |
| User | WangYiQi (UID 96144) |
| Submission | 09/03/2026 09:46 AM (2 months ago) |
| Moderation | 22/03/2026 01:05 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 352434 [projectworlds Lawyer Management System 1.0 /lawyers.php first_Name cross site scripting] |
| Points | 20 |