| Title | Code-projects Simple Stock System v1.0 Stored XSS vulnerability |
|---|---|
| Description | A storage-type XSS vulnerability was found in the "chatuser.php" file of the "Simple Stock System" project. The root cause is that the program inserts the raw data retrieved by "$_POST" directly into the "chat_table". If an attacker sends a payload (e.g. `<img src=x onerror=alert(1)>`), the code will store it permanently in the database. When a user requests to view a chat history, "echo $msg_list" sends malicious code from the database to the browser of each user who visits the chat page. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
| Source | ⚠️ https://github.com/jjjjj-zr/jjjjjzr18/issues/2 |
| User | jjjjjzr (UID 92774) |
| Submission | December 26, 2025 07:15 (4 months ago) |
| Moderation | December 28, 2025 11:21 (2 days later) |
| Status | Duplicate |
| VulDB entry | 337598 [code-projects Simple Stock System 1.0 /market/chatuser.php cross-site scripting] |
| Points | 0 |