提出 #149057: Online DJ Management System v1.0 /odjms/classes/Master.php?f=save_event POST form-data parameter name=name exists stored cross-site scripting情報

タイトルOnline DJ Management System v1.0 /odjms/classes/Master.php?f=save_event POST form-data parameter name=name exists stored cross-site scripting
説明An issue was discovered in Online DJ Management System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /odjms/classes/Master.php?f=save_event POST form-data parameter name="name". Steps to reproduce 1.Go to the admin Login 2.Click on Event List and Click on + Add New. 3.Put Payload into the name=name parameter. 4.Click on Save 5.Payload will trigger when a user visits on http://localhost/odjms/admin/?page=events
ソース⚠️ https://github.com/yoyoyoyoyohane/bug_report/blob/main/XSS-1.md
ユーザー
 yohane (UID 45724)
送信2023年04月26日 13:32 (3 年 ago)
モデレーション2023年04月28日 13:19 (2 days later)
ステータス承諾済み
VulDBエントリ227648 [SourceCodester Online DJ Management System 1.0 Master.php?f=save_event 名前 クロスサイトスクリプティング]
ポイント20

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!