| Titel | Gadget Works Online Ordering System v1.0 /philosophy/admin/user/controller.php?action=add POST parameter U_NAME exists Stored Cross Site Scripting |
|---|
| Beschreibung | An issue was discovered in Gadget Works Online Ordering System v1.0.
There is a stored cross site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /philosophy/admin/user/controller.php?action=add post parameter U_NAME.
Payload:<script>alert(document.cookie)</script> |
|---|
| Quelle | ⚠️ https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/XSS-1.md |
|---|
| Benutzer | heitaoa999 (UID 42741) |
|---|
| Einreichung | 12.03.2023 05:03 (vor 3 Jahren) |
|---|
| Moderieren | 12.03.2023 08:14 (3 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 222862 [SourceCodester Gadget Works Online Ordering System 1.0 Add New User controller.php?action=add U_NAME Cross Site Scripting] |
|---|
| Punkte | 19 |
|---|