जमा करें #780417: SourceCodester Leave Application System in PHP and SQLite3 1.0 Cross Site Scriptingजानकारी

शीर्षकSourceCodester Leave Application System in PHP and SQLite3 1.0 Cross Site Scripting
विवरणA Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Leave Application System in PHP and SQLite3 developed by oretnom23. The application fails to properly sanitize user-supplied input in multiple fields such as employee name, department, and user management fields. An attacker can inject malicious JavaScript payloads which are stored in the database and executed automatically when the affected page is viewed by other users. Example payload used during testing: <img src=x onerror=alert('Spider')> Steps to reproduce: 1. Login to the application. 2. Navigate to Add Employee or Add User. 3. Insert the payload into an input field. Payload : <img src=x onerror=alert('Spider')> 4. Save the entry. 5. Navigate to the listing page. The payload is stored in the database and executed when the page This vulnerability may allow attackers to execute arbitrary JavaScript, hijack administrator sessions, or perform actions on behalf of other users.
स्रोत⚠️ https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-xss-in-php-leave-application-system-3260c881a1fa
उपयोगकर्ता Hemant Raj Bhati (UID 95613)
सबमिशन15/03/2026 11:58 AM (4 महीनों पहले)
संयम31/03/2026 12:18 PM (16 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि354345 [SourceCodester Leave Application System 1.0 User Management क्रॉस साइट स्क्रिप्टिंग]
अंक20

Do you need the next level of professionalism?

Upgrade your account now!