| शीर्षक | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS |
|---|
| विवरण | ## MPLOYEE_MANAGEMENT_SYSTEM file `370project/edit.php` contains a Stored XSS vulnerability
Impact of the vulnerability
An attacker can inject malicious JavaScript into an employee record by submitting a crafted value in the update form. When an administrator later opens the affected employee’s edit page, the payload is rendered in an HTML attribute context and can execute, potentially leading to:
- Session hijacking (stealing cookies/tokens)
- Account takeover (performing actions as the admin)
- Phishing/UI redress (injecting fake forms or modifying page content)
### Payload:
"><sCrIpT>alert(555)</sCrIpT>
### Sources download:
https://code-projects.org/employee-management-system-in-php-with-source-code/ |
|---|
| स्रोत | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul4.md |
|---|
| उपयोगकर्ता | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| सबमिशन | 09/04/2026 08:49 AM (2 महीनों पहले) |
|---|
| संयम | 26/04/2026 06:01 PM (17 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 359670 [code-projects Employee Management System 1.0 370project/edit.php पहचान क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 0 |
|---|