Master.php?f=save_course POST form-data parameter name exists stored cross-site scriptinginformación

Título	Simple Student Information System v1.0 /sis/classes/Master.php?f=save_course POST form-data parameter name exists stored cross-site scripting
Descripción	An issue was discovered in Simple Student Information System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sis/classes/Master.php?f=save_course POST form-data parameter name. Steps to reproduce 1.Go to the admin Login 2.Click on "Course List" and Click on "+ Add New Course". 3.Put Payload into the Course parameter 4.Click on Save 5.Payload will trigger when a user visits on http://localhost/sis/admin/?page=courses
Fuente	⚠️ https://github.com/sssddc11/bug_report/blob/master/XSS-1.md
Usuario	wangshiyou (UID 45923)
Sumisión	2023-04-29 05:03 (hace 3 años)
Moderación	2023-04-29 09:03 (4 hours later)
Estado	Aceptado
Entrada de VulDB	227751 [SourceCodester Simple Student Information System 1.0 Add New Course Master.php?f=save_course Nombre secuencias de comandos en sitios cruzados]
Puntos	20

Might our Artificial Intelligence support you?

Check our Alexa App!