| タイトル | projectworlds Lawyer Management System v1.0 Cross Site Scripting |
|---|
| 説明 | During a security assessment of the Lawyer Management System, a stored cross-site scripting (XSS) vulnerability was discovered in the lawyer registration functionality. The application fails to validate or sanitize the ‘first_Name’ input field during registration, and subsequently outputs this data unsanitized on the public ‘/lawyers.php’ page. An attacker can register as a lawyer with a malicious payload in the first name field. Once the account is activated (or automatically activated), any visitor – including administrators and other users – who browses the lawyer list will trigger the payload. This can lead to complete compromise of user sessions and sensitive data exposure. |
|---|
| ソース | ⚠️ https://github.com/eqiya17/collection-of-vulnerability/issues/1 |
|---|
| ユーザー | WangYiQi (UID 96144) |
|---|
| 送信 | 2026年03月09日 09:46 (2 月 ago) |
|---|
| モデレーション | 2026年03月22日 13:05 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 352434 [projectworlds Lawyer Management System 1.0 /lawyers.php first_Name クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|