| タイトル | projectworlds Visitor Management System V 1.0 Cross Site Scripting |
|---|
| 説明 | During the security assessment of "Visitor Management System Project in PHP MySQL", a Cross-Site Scripting (XSS) vulnerability was identified in "/Visitor Management System in PHP/myform.php".
The vulnerability arises because the system fails to properly handle user-controlled input (or DOM element data) associated with the "": when attackers submit content containing malicious JavaScript code, the system does not filter, encode, or escape the code before rendering it into the front-end HTML. When other users (including privileged users such as administrators) access the affected page or interact with the affected element, the malicious code is executed in their browsers under the context of the current domain.
This issue can be exploited with low attack costs (no complex technical barriers) and may affect a large number of users if the affected page is publicly accessible or widely used, posing a significant threat to user account security and system data confidentiality. |
|---|
| ソース | ⚠️ https://github.com/tddgns/cve/issues/2 |
|---|
| ユーザー | tddgns (UID 90187) |
|---|
| 送信 | 2025年09月21日 14:42 (7 月 ago) |
|---|
| モデレーション | 2025年09月26日 14:04 (5 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 326106 [Projectworlds Visitor Management System 1.0 Add Visitor Page /myform.php 名前 クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|