| タイトル | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS |
|---|
| 説明 | ## MPLOYEE_MANAGEMENT_SYSTEM file `370project/edit.php` contains a Stored XSS vulnerability
Impact of the vulnerability
An attacker can inject malicious JavaScript into an employee record by submitting a crafted value in the update form. When an administrator later opens the affected employee’s edit page, the payload is rendered in an HTML attribute context and can execute, potentially leading to:
- Session hijacking (stealing cookies/tokens)
- Account takeover (performing actions as the admin)
- Phishing/UI redress (injecting fake forms or modifying page content)
### Payload:
"><sCrIpT>alert(555)</sCrIpT>
### Sources download:
https://code-projects.org/employee-management-system-in-php-with-source-code/ |
|---|
| ソース | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul4.md |
|---|
| ユーザー | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| 送信 | 2026年04月09日 08:49 (2 月 ago) |
|---|
| モデレーション | 2026年04月26日 18:01 (17 days later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 359670 [code-projects Employee Management System 1.0 370project/edit.php 識別子 クロスサイトスクリプティング] |
|---|
| ポイント | 0 |
|---|