Soumettre #100619: Gadget Works Online Ordering System v1.0 /philosophy/admin/user/controller.php?action=add POST parameter U_NAME exists Stored Cross Site Scriptinginformation

TitreGadget Works Online Ordering System v1.0 /philosophy/admin/user/controller.php?action=add POST parameter U_NAME exists Stored Cross Site Scripting
DescriptionAn issue was discovered in Gadget Works Online Ordering System v1.0. There is a stored cross site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /philosophy/admin/user/controller.php?action=add post parameter U_NAME. Payload:<script>alert(document.cookie)</script>
La source⚠️ https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/XSS-1.md
Utilisateur
 heitaoa999 (UID 42741)
Soumission12/03/2023 05:03 (il y a 3 ans)
Modérer12/03/2023 08:14 (3 hours later)
StatutAccepté
Entrée VulDB222862 [SourceCodester Gadget Works Online Ordering System 1.0 Add New User controller.php?action=add U_NAME cross site scripting]
Points19

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!