Soumettre #150284: Simple Student Information System v1.0 /sis/classes/Master.php?f=save_course POST form-data parameter name exists stored cross-site scriptinginformation

TitreSimple Student Information System v1.0 /sis/classes/Master.php?f=save_course POST form-data parameter name exists stored cross-site scripting
DescriptionAn issue was discovered in Simple Student Information System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sis/classes/Master.php?f=save_course POST form-data parameter name. Steps to reproduce 1.Go to the admin Login 2.Click on "Course List" and Click on "+ Add New Course". 3.Put Payload into the Course parameter 4.Click on Save 5.Payload will trigger when a user visits on http://localhost/sis/admin/?page=courses
La source⚠️ https://github.com/sssddc11/bug_report/blob/master/XSS-1.md
Utilisateur
 wangshiyou (UID 45923)
Soumission29/04/2023 05:03 (il y a 3 ans)
Modérer29/04/2023 09:03 (4 hours later)
StatutAccepté
Entrée VulDB227751 [SourceCodester Simple Student Information System 1.0 Add New Course Master.php?f=save_course Nom cross site scripting]
Points20

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!