Submit #290263: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scriptinginfo

TitelSOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting
BeschreibungThere is no input sanitization present when updating flashcards, making the web application vulnerable to XSS. Allows XSS by placing untrusted code on the parameters question and answer. Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters. Affected endpoint is /flashcard-quiz/endpoint/update-flashcard.php POC and additional information is available on github
Quelle⚠️ https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFlashcard%20Quiz%20App%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20update-flashcard.php.md
Benutzer
 reiginald (UID 64219)
Einreichung29.02.2024 02:06 (vor 2 Jahren)
Moderieren01.03.2024 08:28 (1 day later)
StatusAkzeptiert
VulDB Eintrag255387 [SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer Cross Site Scripting]
Punkte19

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!