जमा करें #855978: code-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntaxजानकारी

शीर्षकcode-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntax
विवरणDuring a security review of "Online Job Portal System", stored Cross-Site Scripting (XSS) vulnerabilities were discovered across /News.php, /Admin/DetailJob.php, and /Admin/EditUser.php. All dynamic database output is rendered directly into HTML without htmlspecialchars() encoding. Since the system also suffers from SQL injection vulnerabilities, an attacker can inject malicious JavaScript directly into database fields via UNION-based SQL injection. When an administrator or job seeker views the affected pages, the malicious JavaScript executes in their browser context, stealing session cookies or performing actions on their behalf. Additionally, plaintext passwords are exposed in HTML form values on /Admin/EditUser.php.
स्रोत⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/7
उपयोगकर्ता
 dazhi (UID 87857)
सबमिशन11/06/2026 12:59 PM (1 महीना पहले)
संयम13/07/2026 11:19 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि378168 [code-projects Online Job Portal 1.0 /Admin/DetailJob.php क्रॉस साइट स्क्रिप्टिंग]
अंक20

Do you want to use VulDB in your project?

Use the official API to access entries easily!