| Titolo | Multi Language Hotel Management Software v1.0 /sparkz/ajax.php POST parameter complaint_type exists stored cross-site scripting |
|---|
| Descrizione | An issue was discovered in Multi Language Hotel Management Software v1.0.
There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sparkz/ajax.php post parameter complaint_type.
Payload:complainant_name=1&complaint_type=<script>alert(document.cookie)</script>&complaint=2&createComplaint=
Payload will trigger when a user visits on http://localhost/sparkz/index.php?complain |
|---|
| Fonte | ⚠️ https://github.com/admin-passwd/bug_report/blob/main/XSS-1.md |
|---|
| Utente | getshell (UID 46326) |
|---|
| Sottomissione | 07/05/2023 04:39 (3 anni fa) |
|---|
| Moderazione | 07/05/2023 16:43 (12 hours later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 228172 [SourceCodester Multi Language Hotel Management Software 1.0 POST Parameter ajax.php complaint_type cross site scripting] |
|---|
| Punti | 20 |
|---|