| عنوان | code-projects Invoice System in Laravel 1.0 DOM-Based Cross-Site Scripting (XSS) |
|---|
| الوصف | The JavaScript logic responsible for dynamically adding items to the invoice form uses innerHTML to render item names and descriptions. If these fields are populated with malicious payloads (e.g., via the /item update or creation flow), they will execute in the browser of any user opening the invoice form. |
|---|
| المصدر | ⚠️ https://gist.github.com/higordiego/dd7f841bbd1b8b951434511d044f7c6e |
|---|
| المستخدم | c4ttr4ck (UID 75518) |
|---|
| ارسال | 09/04/2026 03:49 AM (2 أشهر منذ) |
|---|
| الاعتدال | 26/04/2026 04:45 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359711 [code-projects Invoice System in Laravel 1.0 /item item name/description البرمجة عبر المواقع] |
|---|
| النقاط | 17 |
|---|