| Título | SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| Descripción | A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in
index.html line 105
```
<thead>
<tr>
<th scope="col">Contact ID</th>
105 <th scope="col">Name</th>
<th scope="col">Phone Number</th>
<th scope="col">Email</th>
<th scope="col">Action</th>
</tr>
</thead>
```
is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability
Step to reporduce:
1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Download and setup this project
2. navigate to URL
3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field
4. Submit and Observe the XSS
(advisory link add after CVE assignment) |
|---|
| Usuario | guru (UID 74056) |
|---|
| Sumisión | 2024-08-28 18:04 (hace 2 años) |
|---|
| Moderación | 2024-08-30 07:43 (2 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 17 |
|---|