Submit #674206: code-projects Client Details System V1.0 Stored Cross-Site Scriptinginfo

Titelcode-projects Client Details System V1.0 Stored Cross-Site Scripting
BeschreibungThe “Client Details” listing page displays persisted user-supplied data without encoding. If an attacker saves a payload such as <script>alert(1)</script> in any displayed field (e.g., First Name, U‑Name, Email, or an uploaded filename), the payload is executed when the page is loaded. The screenshot shows a JavaScript alert firing on update-clients.php , evidencing successful stored XSS.
Quelle⚠️ https://github.com/hellonewbie/tutorial/issues/10
Benutzer
 LiuJiYing (UID 91591)
Einreichung13.10.2025 15:21 (vor 6 Monaten)
Moderieren26.10.2025 17:17 (13 days later)
StatusAkzeptiert
VulDB Eintrag329952 [code-projects Client Details System 1.0 /admin/manage-users.php Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!