| Title | SourceCodester Human Resource Management System in PHP 1.0 Cross Site Scripting |
|---|---|
| Description | A Stored Cross Site Scripting (XSS) vulnerability exists in SourceCodester Human Resource Management System in PHP 1.0. The application improperly sanitizes user-supplied input before storing and rendering it in multiple modules including Country, City, Employee Profile and Address fields. An authenticated attacker can inject malicious JavaScript payloads which are permanently stored in the backend database and automatically executed whenever an administrator or another user visits the affected page. Successful exploitation may lead to session hijacking, privilege escalation, account takeover, arbitrary actions in victim context, phishing, and malicious redirection. The vulnerability was reproduced successfully through multiple application inputs where attacker-controlled content was rendered without output encoding. |
| Source | https://medium.com/@gauravkumar67482/stored-cross-site-scripting-stored-xss-vulnerability-in-human-resource-management-system-in-php-1-0417152dd1be |
| User | Gaurav kumar (UID 98267) |
| Submission | 16/05/2026 06:50 PM (21 days ago) |
| Moderation | 04/06/2026 07:35 AM (19 days later) |
| Status | Duplicate |
| VulDB entry | 210773 [SourceCodester Human Resource Management System 1.0 Add Employee First Name/Middle Name/Last Name cross site scripting] |
| Points | 0 |