Submit #48136: Purchase Order Management System - Multiple Persistent XSS

Title: Purchase Order Management System - Multiple Persistent XSS
Description:

# Exploit Title: Purchase Order Management System - Multiple Persistent XSS
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache

Description:
A Persistent XSS issue in Purchase Order Management System v1.0 allows injection of arbitrary JavaScript in multiple Supplier create parameters.

Parameters Vulnerable:
A) Supplier Name
B) Address
C) Contact person
D) Contact

Payload: <script>confirm(1)</script>

Steps:
1) Log in to your account.
2) Now go to "Supplier List" and create a new file.
3) Now put the payload in the parameters below:
A) Supplier Name
B) Address
C) Contact person
D) Contact
Payload: <script>confirm(1)</script>
4) Now save the details and our payload has been executed.
Source: https://github.com/DisguisedRoot/Exploit/blob/main/Persistent%20XSS/PoC
User: DisguisedRoot (ID 33702)
Submission: 13/10/2022 20:37 (2 years ago)
Moderation: 14/10/2022 09:05 (12 hours later)
Accepted
VulDB Entry: VDB-210832
