| शीर्षक | Performance Indicator System v1.0 /opils/admin/addproduct.php post form parameters prodname exists stored cross-site scripting vulnerability |
|---|
| विवरण | An issue was discovered in Performance Indicator System v1.0.
There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /opils/admin/addproduct.php post form parameters prodname.
Payload:<script>alert(document.cookie)</script>
Payload will trigger when a user visits on http://localhost/opils/admin/product.php |
|---|
| स्रोत | ⚠️ https://github.com/wenwochunfeng/bugReport/blob/main/XSS.md |
|---|
| उपयोगकर्ता | BaiXiJun (UID 48383) |
|---|
| सबमिशन | 09/06/2023 10:33 AM (3 साल पहले) |
|---|
| संयम | 09/06/2023 02:39 PM (4 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 231163 [SourceCodester Performance Indicator System 1.0 /admin/addproduct.php prodname क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|