| タイトル | Bdtask Bhojon All-In-One Restaurant Management System Latest Stored Cross-Site Scripting |
|---|
| 説明 | A critical Stored Cross-Site Scripting (Persistent XSS) vulnerability exists in Bdtask’s Bhojon All-In-One Restaurant Management System, specifically within the Profile Update / User Information module. The application fails to sanitize or encode user-supplied input before storing it and rendering it back on the profile page. By injecting a payload such as <script>alert(1)</script> into the Profile field, an attacker can store malicious JavaScript that executes every time the profile page is loaded. This results in persistent script execution across sessions and users, enabling session theft, account takeover, privilege escalation, admin compromise, phishing attacks, and malware injection. The issue affects the latest demo version available at the vendor’s site. |
|---|
| ソース | ⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/12 |
|---|
| ユーザー | 4m3rr0r (UID 85795) |
|---|
| 送信 | 2026年01月16日 11:24 (5 月 ago) |
|---|
| モデレーション | 2026年01月29日 09:44 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 343360 [Bdtask Bhojon All-In-One Restaurant Management System 迄 20260116 User Information /dashboard/home/profile fullname クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|