| タイトル | Sourcecodester Daily Habit Tracker 1.0 Stored XSS |
|---|
| 説明 | The Daily Habit Tracker web application has a vulnerability in its project assignment feature that allows for stored cross-site scripting (XSS) attacks. This vulnerability, categorized as CWE-79, occurs in the /endpoint/update-tracker.php component due to inadequate input handling during webpage creation. Attackers can exploit this by inserting harmful JavaScript code into the "day" parameter when assigning projects. Users who then view these assigned project names may unknowingly activate the injected script in their browsers, potentially leading to dangerous actions like session hijacking or data theft. A Proof of Concept (POC) is presented with a sample payload and HTTP request, along with a screenshot showing the successful execution of unauthorized scripts. |
|---|
| ソース | ⚠️ https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md |
|---|
| ユーザー | rjavenido22 (UID 64261) |
|---|
| 送信 | 2024年02月29日 14:26 (2 年 ago) |
|---|
| モデレーション | 2024年03月01日 08:41 (18 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 255391 [SourceCodester Daily Habit Tracker 1.0 update-tracker.php 日 クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|