| Título | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS |
|---|
| Descripción | ## MPLOYEE_MANAGEMENT_SYSTEM file `370project/edit.php` contains a Stored XSS vulnerability
Impact of the vulnerability
An attacker can inject malicious JavaScript into an employee record by submitting a crafted value in the update form. When an administrator later opens the affected employee’s edit page, the payload is rendered in an HTML attribute context and can execute, potentially leading to:
- Session hijacking (stealing cookies/tokens)
- Account takeover (performing actions as the admin)
- Phishing/UI redress (injecting fake forms or modifying page content)
### Payload:
"><sCrIpT>alert(555)</sCrIpT>
### Sources download:
https://code-projects.org/employee-management-system-in-php-with-source-code/ |
|---|
| Fuente | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul4.md |
|---|
| Usuario | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| Sumisión | 2026-04-09 08:49 (hace 2 meses) |
|---|
| Moderación | 2026-04-26 18:01 (17 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 359670 [code-projects Employee Management System 1.0 370project/edit.php ID secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 0 |
|---|