| Title | code-projects Online Reviewer System In PHP 1.0 Cross Site Scripting |
|---|---|
| Description | The Online Reviewer System in PHP v1.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the btn_functions.php component. The issue occurs when the application processes the description parameter during the action=update request. User-supplied input is stored directly in the database without proper validation or output encoding. Because the stored value is later rendered in the web interface without sanitization, attackers can inject malicious HTML or JavaScript code. A crafted payload submitted through the description parameter may execute in the browser of users who view the affected question, leading to potential session hijacking or unauthorized actions within the application. |
| Source | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Online%20Reviewer%20System%20PHP%20description%20Parameter.md |
| User | AhmadMarzook (UID 96211) |
| Submission | 11.03.2026 21:03 (22 days ago) |
| Moderation | 27.03.2026 09:54 (16 days later) |
| Status | Accepted |
| VulDB Entry | 353859 [code-projects Online Reviewer System up to 1.0 btn_functions.php description cross site scripting] |
| Points | 20 |