提出 #399338: SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax情報

タイトルSourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax
説明A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in index.html line 105 ``` <thead> <tr> <th scope="col">Contact ID</th> 105 <th scope="col">Name</th> <th scope="col">Phone Number</th> <th scope="col">Email</th> <th scope="col">Action</th> </tr> </thead> ``` is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability Step to reporduce: 1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html Download and setup this project 2. navigate to URL 3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field 4. Submit and Observe the XSS (advisory link add after CVE assignment)
ユーザー
 guru (UID 74056)
送信2024年08月28日 18:04 (2 年 ago)
モデレーション2024年08月30日 07:43 (2 days later)
ステータス承諾済み
VulDBエントリ276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name クロスサイトスクリプティング]
ポイント17

Want to know what is going to be exploited?

We predict KEV entries!