| タイトル | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| 説明 | Vulnerability Type: Cross-Site Scripting (XSS) – Stored - Category
Affected Product: Pizzafy Ecommerce System 1.0
Download: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
Vulnerable Endpoint:
POST /pizzafy/admin/ajax.php?action=save_category
Vulnerable Parameter:
------WebKitFormBoundaryKFUizOF0ZObYPAKg
Content-Disposition: form-data; name="name"
<script>alert(document.cookie)</script>
Description:
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the application. User-supplied input is not properly sanitized or encoded before being stored and later rendered in the browser.
An attacker can inject malicious JavaScript code into a persistent field (such as name, description, or comments). When other users access the affected page, the injected script is executed in their browser context.
This allows attackers to perform actions such as session hijacking, credential theft, or unauthorized actions on behalf of the victim..
|
|---|
| ソース | ⚠️ https://github.com/joaodrmmd/VulDB-Reports/blob/main/XSS%20-%20Categoria.pdf |
|---|
| ユーザー | r3du (UID 97257) |
|---|
| 送信 | 2026年04月12日 18:52 (2 月 ago) |
|---|
| モデレーション | 2026年04月28日 12:26 (16 days later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 359919 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_category 名前 SQLインジェクション] |
|---|
| ポイント | 0 |
|---|