| タイトル | Unauthenticated Cross Site Scripting Vulnerability in Sanitization Management System |
|---|
| 説明 | The Sanitization Management System distributed by sourcecodester.com (https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html) is vulnerable to unauthenticated Cross Site Scripting (php-sms/?p=request_quote). An attacker can craft a malicious Quote Request where both the Address and the Remarks Input Fields can be abused. Since the cookie does not have the HttpOnly flag it can be stolen whenever a logged-in user opens the Request in the Management Dashboard. |
|---|
| ユーザー | maikroservice (UID 35150) |
|---|
| 送信 | 2022年11月05日 11:37 (4 年 ago) |
|---|
| モデレーション | 2022年11月11日 08:18 (6 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 213449 [SourceCodester Sanitization Management System 1.0 Quote Requests Form php-sms/?p=request_quote クロスサイトスクリプティング] |
|---|
| ポイント | 17 |
|---|