| शीर्षक | SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| विवरण | A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in
index.html line 105
```
<thead>
<tr>
<th scope="col">Contact ID</th>
105 <th scope="col">Name</th>
<th scope="col">Phone Number</th>
<th scope="col">Email</th>
<th scope="col">Action</th>
</tr>
</thead>
```
is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability
Step to reporduce:
1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Download and setup this project
2. navigate to URL
3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field
4. Submit and Observe the XSS
(advisory link add after CVE assignment) |
|---|
| उपयोगकर्ता | guru (UID 74056) |
|---|
| सबमिशन | 28/08/2024 06:04 PM (2 साल पहले) |
|---|
| संयम | 30/08/2024 07:43 AM (2 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 17 |
|---|