| शीर्षक | code-projects Fruit Shop Management System 1.0 Cross Site Scripting |
|---|
| विवरण | There is a stored Cross-Site Scripting (XSS) vulnerability in the products.php page. This page retrieves product information from the database (including fields such as product_code, gen_name, product_name, and supplier) and directly outputs it into the HTML table using echo without any HTML special character escaping.Attackers can exploit the product addition/editing functions to inject malicious JavaScript code into the aforementioned fields. When other users (including administrators) access the products.php page, the injected malicious scripts will be parsed and executed by the browser, leading to security risks such as session hijacking, sensitive information theft, phishing attacks, or permission abuse. |
|---|
| स्रोत | ⚠️ https://github.com/chen2496088236/CVE/issues/3 |
|---|
| उपयोगकर्ता | 111ctx (UID 89466) |
|---|
| सबमिशन | 26/08/2025 05:24 PM (9 महीनों पहले) |
|---|
| संयम | 02/09/2025 03:09 PM (7 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 322191 [code-projects Fruit Shop Management System 1.0 products.php product_code/gen_name/product_name/supplier क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|