| Title | Authenticated cross-site scripting vulnerability via first name parameter at addsuppliers.php |
|---|
| Description | ## Summary:
An authenticated stored cross-site scripting vulnerability via first name parameter at addsuppliers.php inside the admin panel was discovered.
## Vendor:
https://www.sourcecodester.com/php/16607/advance%C2%A0charity-management-system.html
## Download link:
https://www.sourcecodester.com/sites/default/files/download/Aown-Shah/members.zip
## Version:
v1.0
## Proof of Concept:
1. Login as admin
2. Click on Add Users
3. Input [1] in First name field and other data in other respective fields
4. Click ADD
5. Click on dashboard
6. XSS Pop-up
|
|---|
| User | kr1shna4garwal (UID 49100) |
|---|
| Submitted | 2023. 06. 18. PM 02:14 (3 years ago) |
|---|
| Moderation | 2023. 06. 18. PM 04:35 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 231807 [PuneethReddyHC online-shopping-system-advanced 1.0 addsuppliers.php First name cross site scripting] |
|---|
| Points | 17 |
|---|