| Titel | projectworlds Lawyer Management System v1.0 Cross Site Scripting |
|---|
| Beschreibung | During a security assessment of the Lawyer Management System, a stored cross-site scripting (XSS) vulnerability was discovered in the lawyer registration functionality. The application fails to validate or sanitize the ‘first_Name’ input field during registration, and subsequently outputs this data unsanitized on the public ‘/lawyers.php’ page. An attacker can register as a lawyer with a malicious payload in the first name field. Once the account is activated (or automatically activated), any visitor – including administrators and other users – who browses the lawyer list will trigger the payload. This can lead to complete compromise of user sessions and sensitive data exposure. |
|---|
| Quelle | ⚠️ https://github.com/eqiya17/collection-of-vulnerability/issues/1 |
|---|
| Benutzer | WangYiQi (UID 96144) |
|---|
| Einreichung | 09.03.2026 09:46 (vor 1 Monat) |
|---|
| Moderieren | 22.03.2026 13:05 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 352434 [projectworlds Lawyer Management System 1.0 /lawyers.php first_Name Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|