ajax.php POST parameter complaint_type exists stored cross-site scripting정보

제목	Multi Language Hotel Management Software v1.0 /sparkz/ajax.php POST parameter complaint_type exists stored cross-site scripting
설명	An issue was discovered in Multi Language Hotel Management Software v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sparkz/ajax.php post parameter complaint_type. Payload:complainant_name=1&complaint_type=<script>alert(document.cookie)</script>&complaint=2&createComplaint= Payload will trigger when a user visits on http://localhost/sparkz/index.php?complain
원천	⚠️ https://github.com/admin-passwd/bug_report/blob/main/XSS-1.md
사용자	getshell (UID 46326)
제출	2023. 05. 07. AM 04:39 (3 연령 ago)
모더레이션	2023. 05. 07. PM 04:43 (12 hours later)
상태	수락
VulDB 항목	228172 [SourceCodester Multi Language Hotel Management Software 1.0 POST Parameter ajax.php complaint_type 크로스 사이트 스크립팅]
포인트들	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!