| タイトル | SourceCodester Web-based Pharmacy Product Management System 1.0 Cross Site Scripting |
|---|
| 説明 | A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Web-based Pharmacy Product Management System version 1.0. The vulnerability affects the profile update functionality in edit-profile.php, specifically the "fullname" parameter.
The application does not properly sanitize or encode user-supplied input before storing it in the database. An authenticated attacker can inject malicious JavaScript into the fullname field. The payload is stored persistently and rendered within the global application layout (e.g., header or navigation area).
As a result, the injected script executes automatically on every page load across the application after profile modification. Successful exploitation allows execution of arbitrary JavaScript in the context of authenticated users, potentially leading to session hijacking, privilege escalation, and unauthorized actions. |
|---|
| ソース | ⚠️ https://gist.github.com/Denilxavier/6b21cb788f7f545179286f6c44989448 |
|---|
| ユーザー | Denil Xavier (UID 95932) |
|---|
| 送信 | 2026年02月26日 16:39 (2 月 ago) |
|---|
| モデレーション | 2026年03月07日 21:51 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 349744 [SourceCodester Web-based Pharmacy Product Management System 1.0 edit-profile.php fullname クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|