जमा करें #854983: SourceCodester Online Book Store System 1.0 Stored Cross-Site Scripting (Authenticated)जानकारी

शीर्षकSourceCodester Online Book Store System 1.0 Stored Cross-Site Scripting (Authenticated)
विवरणAn authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in the User Management module of the Online Book Store Management System developed by SourceCodester. The application fails to properly sanitize user-supplied input before storing and rendering it within administrative interfaces. An authenticated administrator can inject arbitrary JavaScript code into user-controllable fields. The malicious payload is stored in the backend database and executed whenever the affected record is viewed. Successful exploitation allows execution of arbitrary JavaScript in the context of the application, potentially leading to session hijacking, unauthorized actions, user impersonation, interface manipulation, and other client-side attacks. Steps to Reproduce: 1. Authenticate to the application as an administrator. 2. Navigate to the User Management section. 3. Create or modify a user record. 4. Insert the following payload into a user-controllable field: <script>alert(document.domain)</script> 5. Save the record. 6. View the affected user entry. The injected JavaScript executes automatically, confirming the presence of a Stored Cross-Site Scripting vulnerability.
स्रोत⚠️ https://medium.com/@gauravkumar67482/authenticated-stored-cross-site-scripting-xss-in-user-management-module-2c2ba72b2cdf
उपयोगकर्ता
 Gaurav kumar (UID 98267)
सबमिशन10/06/2026 10:25 AM (1 महीना पहले)
संयम12/07/2026 06:00 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377877 [SourceCodester Online Book Store System 1.0 User Management Name/Username क्रॉस साइट स्क्रिप्टिंग]
अंक20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!