| Title | Code-projects Simple Stock System v1.0 Stored XSS vulnerability |
|---|---|
| Description | A stored XSS vulnerability was found in the `chatuser.php` file of the "Simple Stock System" project. The root cause is that the program inserts the raw data retrieved by `$_POST` directly into the `chat_table`. If an attacker sends a payload (e.g. `<img src=x onerror=alert(1)>`), the code will store it permanently in the database. When a user requests to view a chat history, `echo $msg_list` sends malicious code from the database to the browser of each user who visits the chat page. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
| Source | https://github.com/jjjjj-zr/jjjjjzr18/issues/2 |
| User | jjjjjzr (UID 92774) |
| Submission | 2025-12-26 07:15 (4 months ago) |
| Moderation | 2025-12-28 11:21 (2 days later) |
| Status | Duplicate |
| VulDB entry | 337598 [code-projects Simple Stock System 1.0 /market/chatuser.php cross-site scripting] |
| Points | 0 |