| タイトル | https://www.sourcecodester.com/php/17847/employee-management-sys Employee Management System 1.0 Cross Site Scripting (XSS) |
|---|
| 説明 | In the `employee.php` page, when adding an employee, the `Full Name` field of the `employee` does not properly filter or validate user input. An attacker can exploit this vulnerability by injecting malicious scripts, such as `<script>alert('xss')</script>`. These scripts are stored in the database and rendered/executed every time the `employee.php` page is accessed, leading to a cross-site scripting (XSS) attack.
This vulnerability is a stored XSS attack, where attackers can store malicious scripts in the database to affect other users over an extended period. This could potentially lead to session hijacking, page content tampering, or other malicious actions. This issue needs to be addressed promptly to prevent data leakage and unauthorized page modifications. |
|---|
| ソース | ⚠️ https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md |
|---|
| ユーザー | lxk_ (UID 81990) |
|---|
| 送信 | 2025年02月26日 09:02 (1 年 ago) |
|---|
| モデレーション | 2025年03月03日 19:40 (5 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 298425 [SourceCodester Employee Management System 1.0 employee.php Full Name クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|