| Título | code-projects Online-Blog-Admin-System-PHP-Project 1.0 Cross Site Scripting |
|---|
| Descripción | A critical stored Cross-Site Scripting (XSS) vulnerability was identified in the Online Blog Admin System (v1.0) within the pageViewMembers.php page. The vulnerability arises from unsanitized user input rendered in the member table (e.g., Full Name, Address, City, Phone), allowing payloads like <script>alert("XSS by 0xCaptainFahim")</script> to execute. Additional risks include outdated Bootstrap 3.3.4 and jQuery 1.12.4 libraries and default admin credentials.
Type: Cross-Site Scripting (XSS)
Severity: Critical (Stored XSS); Medium (Other Issues)
Affected Component: pageViewMembers.php
Affected URL: http://localhost/responsive/resblog/blogadmin/admin/pageViewMembers.php
Vulnerable Parameter: User input fields (Full Name, Address, City, Phone) |
|---|
| Fuente | ⚠️ https://gist.github.com/0xCaptainFahim/8bb9021dcea33863eaf0279aaca2671c |
|---|
| Usuario | 0xCaptainFahim (UID 86447) |
|---|
| Sumisión | 2025-06-11 22:36 (hace 10 meses) |
|---|
| Moderación | 2025-06-19 12:49 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 313342 [code-projects Responsive Blog 1.0/1.12.4/3.3.4 pageViewMembers.php secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|