| Titel | Code-projects Simple Stock System v1.0 Stored XSS vulnerability |
|---|
| Beschreibung | A storage-type XSS vulnerability was found in the "chatuser.php " file of the "Simple Stock System" project. The root cause is that the program inserts the raw data retrieved by "$_POST" directly into the "chat_table". If an attacker sends a Payload (e.g."<img src=x onerror=alert(1)>"), the code will store it permanently in the database. When a user requests to view a chat history, "echo $msg_list" sends malicious code from the database to the browser of each user who visits the chat page. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
|---|
| Quelle | ⚠️ https://github.com/jjjjj-zr/jjjjjzr18/issues/2 |
|---|
| Benutzer | jjjjjzr (UID 92774) |
|---|
| Einreichung | 26.12.2025 07:15 (vor 4 Monaten) |
|---|
| Moderieren | 28.12.2025 11:21 (2 days later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 337598 [code-projects Simple Stock System 1.0 /market/chatuser.php Cross Site Scripting] |
|---|
| Punkte | 0 |
|---|