| Title | code-projects Online-Blog-Admin-System-PHP-Project 1.0 Cross Site Scripting |
|---|---|
| Description | A critical stored Cross-Site Scripting (XSS) vulnerability was identified in the Online Blog Admin System (v1.0) within the pageViewMembers.php page. The vulnerability arises from unsanitized user input rendered in the member table (e.g., Full Name, Address, City, Phone), allowing payloads like `<script>alert("XSS by 0xCaptainFahim")</script>` to execute. Additional risks include outdated Bootstrap 3.3.4 and jQuery 1.12.4 libraries and default admin credentials.<br>Type: Cross-Site Scripting (XSS)<br>Severity: Critical (Stored XSS); Medium (Other Issues)<br>Affected Component: pageViewMembers.php<br>Affected URL: http://localhost/responsive/resblog/blogadmin/admin/pageViewMembers.php<br>Vulnerable Parameter: User input fields (Full Name, Address, City, Phone) |
| Source | ⚠️ https://gist.github.com/0xCaptainFahim/8bb9021dcea33863eaf0279aaca2671c |
| User | 0xCaptainFahim (UID 86447) |
| Submitted | 2025-06-11 22:36 (10 months ago) |
| Moderation | 2025-06-19 12:49 (8 days later) |
| Status | Accepted |
| VulDB entry | 313342 [code-projects Responsive Blog 1.0/1.12.4/3.3.4 pageViewMembers.php cross site scripting] |
| Points | 20 |