Submit #290263: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting

Title: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting
Description: There is no input sanitization present when updating flashcards, making the web application vulnerable to XSS. Allows XSS by placing untrusted code on the parameters question and answer. Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters. Affected endpoint is /flashcard-quiz/endpoint/update-flashcard.php. POC and additional information are available on GitHub.
Source: https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFlashcard%20Quiz%20App%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20update-flashcard.php.md
User: reiginald (UID 64219)
Submission: 2024-02-29 02:06 (2 years ago)
Moderation: 2024-03-01 08:28 (1 day later)
Status: Accepted
VulDB Entry: 255387 [SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer cross site scripting]
Points: 19
