| Field | Value |
|---|---|
| Title | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Cross Site Scripting |
| Description | A stored cross-site scripting (XSS) vulnerability has been identified in the To-Do List functionality of CodeAstro Human Resource Management System in PHP CodeIgniter (https://codeastro.com/human-resource-management-system-in-php-codeigniter-with-source-code/). The issue exists because user-supplied input submitted through the `todo_data` parameter is not properly sanitized before being stored and rendered within the dashboard interface. An attacker can inject arbitrary JavaScript payloads into a to-do entry. The malicious payload is executed immediately after submission and continues to execute whenever the dashboard page is visited or the To-Do List section is loaded, confirming the presence of a persistent/stored XSS vulnerability. Successful exploitation may allow attackers to hijack user sessions, perform actions on behalf of authenticated users, manipulate dashboard content, or steal sensitive information accessible within the application context. |
| Source | https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-TO-DO-LIST |
| User | ashikmd7 (UID 98284) |
| Submission | 26.05.2026 13:09 (18 days ago) |
| Moderation | 12.06.2026 17:21 (17 days later) |
| Status | Accepted |
| VulDB Entry | 370614 [CodeAstro Human Resource Management System 1.0 Dashboard Interface /dashboard/add_tod todo_data Cross Site Scripting] |
| Points | 20 |