| Titre | code-projects Client Details System V1.0 Stored Cross-Site Scripting |
|---|
| Description | The “Client Details” listing page displays persisted user-supplied data without encoding. If an attacker saves a payload such as <script>alert(1)</script> in any displayed field (e.g., First Name, U‑Name, Email, or an uploaded filename), the payload is executed when the page is loaded. The screenshot shows a JavaScript alert firing on update-clients.php , evidencing successful stored XSS. |
|---|
| La source | ⚠️ https://github.com/hellonewbie/tutorial/issues/10 |
|---|
| Utilisateur | LiuJiYing (UID 91591) |
|---|
| Soumission | 13/10/2025 15:21 (il y a 6 mois) |
|---|
| Modérer | 26/10/2025 17:17 (13 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 329952 [code-projects Client Details System 1.0 /admin/manage-users.php cross site scripting] |
|---|
| Points | 20 |
|---|