Submission #300037: SOURCECODESTER File Manager App 1.0 Stored XSS (Information)

Title: SOURCECODESTER File Manager App 1.0 Stored XSS

Description: The File Manager App is vulnerable to Stored Cross-Site Scripting (XSS) in /endpoint/add-file.php. This vulnerability arises from not sanitizing user inputs for fileTitle and fileUploader fields, allowing attackers to inject malicious JavaScript code. As demonstrated, submitting a file with a specially crafted fileTitle or fileUploader value can execute arbitrary JavaScript code, such as displaying an alert box. This highlights the necessity for stringent input validation and sanitization to prevent stored XSS vulnerabilities, thereby safeguarding the application and its users from potential malicious exploits.

Source: ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/STORED%20XSS%20add-file.php.md

User: nochizplz (UID 64302)

Submitted: 2024-03-17 12:47 (2 years ago)

Moderation: 2024-03-18 17:06 (1 day later)

Status: Duplicate

VulDB entry: 243595 [SourceCodester File Manager App 1.0 endpoint/add-file.php uploadedFileName privilege escalation]

Points: 0
