Enviar #32538: Automatic Question Paper Generator System 1.0 - Cross-site scripting storedinformación

Título	Automatic Question Paper Generator System 1.0 - Cross-site scripting stored
Descripción	# Exploit Title: Automatic Question Paper Generator System 1.0 - Cross-site scripting stored # Date: 2022-11-03 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ Automatic Question Paper Generator System 1.0 - Cross-site scripting stored Summary: ================ The Automatic Question Paper Generator in version 1.0 is vulnerable to arbitrary persistent javascript code injection (XSS), which can lead to thwarting of browser resources and session cookie theft. Severity Level: ================ 7.5 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Product: ================ Automatic Question Paper Generator v1.0 Steps to Reproduce: ================ 1. Open your browser, create an account on the site and log into it (http://target.com/aqpg/users/login.php). 2. Click on your profile icon and then click on My Account. The field called "First Name", "Middle Name", "Last Name" are vulnerable to XSS, inject the payload into one of them and then save your changes.
Fuente	⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.htm
Usuario	mrempy (UID 24379)
Sumisión	2022-03-13 16:06 (hace 4 años)
Moderación	2022-03-14 07:08 (15 hours later)
Estado	Aceptado
Entrada de VulDB	194847 [Automatic Question Paper Generator System 1.0 My Account Page /aqpg/users/login.php First Name/Middle Name/Last Name secuencias de comandos en sitios cruzados]
Puntos	20

◂ Anterior Visión De Conjunto Próximo ▸

Do you know our Splunk app?

Download it now for free!