| शीर्षक | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS |
|---|
| विवरण | ## EMPLOYEE_MANAGEMENT_SYSTEM file `370project/mark.php` contains a Stored XSS vulnerability
Impact of the vulnerability
An attacker can inject JavaScript into a project record by submitting a crafted value in the “Assign Mark” form. When an administrator later opens the same project marking page, the injected script is rendered into an HTML attribute context and may execute, which can lead to:
- Session hijacking (stealing cookies/tokens)
- Account takeover (performing actions as the admin)
- Phishing/UI manipulation (modifying page content to deceive users)
### Payload:
"><sCrIpT>alert(1)</ScRiPt>
### Sources download:
https://code-projects.org/employee-management-system-in-php-with-source-code/ |
|---|
| स्रोत | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul7.md |
|---|
| उपयोगकर्ता | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| सबमिशन | 09/04/2026 08:53 AM (2 महीनों पहले) |
|---|
| संयम | 26/04/2026 06:01 PM (17 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 359716 [code-projects Employee Management System 1.0 370project/mark.php क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 0 |
|---|