| عنوان | BichitroGan ISP Billing System 2025.3.20 Stored Cross-Site Scripting (XSS) |
|---|
| الوصف | The application allows administrators to create network pools using the Pool Name field. This input is stored in the database without proper validation or sanitization. When the stored value is later displayed in the Pool List interface, it is rendered directly into HTML without escaping, allowing execution of Iinjected JavaScript.
|
|---|
| المصدر | ⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/16 |
|---|
| المستخدم | 4m3rr0r (UID 85795) |
|---|
| ارسال | 29/03/2026 03:02 PM (22 أيام منذ) |
|---|
| الاعتدال | 19/04/2026 06:32 PM (21 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358259 [BichitroGan ISP Billing Software 2025.3.20 Pool List Interface /?\_route=pool/add البرمجة عبر المواقع] |
|---|
| النقاط | 18 |
|---|