提出 #171058: Stored cross-site scripting vulnerability via Room/Cottage Number field on manage_room in resort reservation system情報

タイトルStored cross-site scripting vulnerability via Room/Cottage Number field on manage_room in resort reservation system
説明## Summary: I have discovered that the Stored cross-site scripting vulnerability via Room/Cottage Number field on manage_room in resort management system. ## Vendor: https://www.sourcecodester.com/php/16447/resort-reservation-system-php-and-sqlite3-source-code-free-download.html ## Name: Resort management system ## Version: v1.0 ## Proof Of Concept: 1. Login to the application and go to http://192.168.1.7/php-sqlite-rrs/?page=rooms 2. Click add room button 3. Input the [1] in Room/Cottage Number field 4. Enter any random data in other fields 5. Save 6. Stored XSS [1] - <script/"<a"/src=data:=".<a,[document.cookie].some(confirm)>
ユーザー
 kr1shna4garwal (UID 49100)
送信2023年06月18日 12:12 (3 年 ago)
モデレーション2023年06月18日 13:23 (1 hour later)
ステータス承諾済み
VulDBエントリ231805 [SourceCodester Resort Reservation System 1.0 Manage Room Page ?page=rooms Cottage Number クロスサイトスクリプティング]
ポイント17

Want to know what is going to be exploited?

We predict KEV entries!