Enviar #593789: PHPGurukul COVID-19 Testing Management System 2021 version Cross-Site Scripting (XSS)información

TítuloPHPGurukul COVID-19 Testing Management System 2021 version Cross-Site Scripting (XSS)
DescripciónThe search-report-result.php endpoint of the COVID-19 Testing Management System is vulnerable to reflected Cross-Site Scripting (XSS). User-supplied input passed through the q parameter is improperly handled and reflected into the HTML response without appropriate sanitization. This enables an attacker to inject arbitrary JavaScript code into the victim’s browser. When a user submits a search query, the application reflects the input directly into the page, making it susceptible to XSS. An attacker can craft a malicious URL and trick a victim into clicking it, resulting in the execution of JavaScript, such as cookie theft or session hijacking. Affected Endpoint: /search-report-result.php using with this payload<img src=x onerror=alert(document.cookie)>
Fuente⚠️ http://localhost/covid-tms/search-report-result.php
Usuario
 Anzil (UID 86393)
Sumisión2025-06-10 09:01 (hace 11 meses)
Moderación2025-06-19 09:22 (9 days later)
EstadoAceptado
Entrada de VulDB313289 [PHPGurukul COVID19 Testing Management System 2021 search-report-result.php q secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!