ajax.php POST parameter complaint_type exists stored cross-site scriptinginfo

Titel	Multi Language Hotel Management Software v1.0 /sparkz/ajax.php POST parameter complaint_type exists stored cross-site scripting
Beschreibung	An issue was discovered in Multi Language Hotel Management Software v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sparkz/ajax.php post parameter complaint_type. Payload:complainant_name=1&complaint_type=<script>alert(document.cookie)</script>&complaint=2&createComplaint= Payload will trigger when a user visits on http://localhost/sparkz/index.php?complain
Quelle	⚠️ https://github.com/admin-passwd/bug_report/blob/main/XSS-1.md
Benutzer	getshell (UID 46326)
Einreichung	07.05.2023 04:39 (vor 3 Jahren)
Moderieren	07.05.2023 16:43 (12 hours later)
Status	Akzeptiert
VulDB Eintrag	228172 [SourceCodester Multi Language Hotel Management Software 1.0 POST Parameter ajax.php complaint_type Cross Site Scripting]
Punkte	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!