Submission #290235: SOURCECODESTER FAQ Management System Using PHP and MySQL 1.0 Cross Site Scripting (information)

Title: SOURCECODESTER FAQ Management System Using PHP and MySQL 1.0 Cross Site Scripting
Description: There is no input sanitization present when writing FAQs, making the web application vulnerable to XSS. Allows XSS by placing untrusted code on the parameters question and answer. Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters. Affected endpoint in question is /faq-management-system/endpoint/add-faq.php. POC and further details are available on GitHub.
Source: https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20add-faq.php.md
User: reiginald (UID 64219)
Submission: 2024-02-29 01:48 (2 years ago)
Moderation: 2024-03-01 08:26 (1 day later)
Status: Accepted
VulDB Entry: 255385 [SourceCodester FAQ Management System 1.0 /endpoint/add-faq.php question/answer cross site scripting]
Points: 19
