| Titel | CodeAstro Complaint Management System v1.0 Stored Cross-Site Scripting (XSS) |
|---|
| Beschreibung | A Stored Cross-Site Scripting (XSS) vulnerability exists in the Report Management functionality of the Complaint Management System. The application fails to properly sanitize user-supplied input submitted through the Report Title field when creating reports. A low-privileged authenticated user can inject malicious JavaScript code into a report title, which is later rendered within the administrator's report management interface without output encoding. When an administrator views the report listing page, the malicious payload executes in the administrator's browser context, potentially leading to session compromise, unauthorized actions, privilege escalation, and complete administrative account takeover. |
|---|
| Quelle | ⚠️ https://github.com/ashikmd0507/CVE/blob/main/Stored%20XSS%20in%20Report%20Title%20Field%20Allows%20Script%20Execution%20in%20Admin%20Panel/README.md |
|---|
| Benutzer | ashikmd7 (UID 98284) |
|---|
| Einreichung | 30.05.2026 12:18 (vor 1 Monat) |
|---|
| Moderieren | 28.06.2026 18:05 (29 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 374566 [CodeAstro Complaint Management System 1.0 Report /report/addreport Report Title Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|