提出 #148410: Purchase Order Management System v1.0 /purchase_order/classes/Master.php?f=save_item POST form-data parameter name=description exists stored cross-site scripting情報

タイトルPurchase Order Management System v1.0 /purchase_order/classes/Master.php?f=save_item POST form-data parameter name=description exists stored cross-site scripting
説明An issue was discovered in Purchase Order Management System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /purchase_order/classes/Master.php?f=save_item POST form-data parameter name="description". Steps to reproduce 1.Go to the admin Login 2.Click on Item List and Click on + Create New 3.Put Payload into the name=description parameter 4.Click on Save 5.Payload will trigger when a user visits on http://localhost/purchase_order/admin/?page=items
ソース⚠️ https://github.com/biantaibao/bug_report/blob/main/XSS-1.md
ユーザー
 biantaibao (UID 45650)
送信2023年04月25日 13:01 (3 年 ago)
モデレーション2023年04月25日 22:49 (10 hours later)
ステータス承諾済み
VulDBエントリ227463 [SourceCodester Purchase Order Management System 1.0 Master.php?f=save_item 説明 クロスサイトスクリプティング]
ポイント20

概要

Want to stay up to date on a daily basis?

Enable the mail alert feature now!