| Titel | SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| Beschreibung | A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in
index.html line 105
```
<thead>
<tr>
<th scope="col">Contact ID</th>
105 <th scope="col">Name</th>
<th scope="col">Phone Number</th>
<th scope="col">Email</th>
<th scope="col">Action</th>
</tr>
</thead>
```
is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability
Step to reporduce:
1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Download and setup this project
2. navigate to URL
3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field
4. Submit and Observe the XSS
(advisory link add after CVE assignment) |
|---|
| Benutzer | guru (UID 74056) |
|---|
| Einreichung | 28.08.2024 18:04 (vor 2 Jahren) |
|---|
| Moderieren | 30.08.2024 07:43 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|