제출 #271724: Codeastro Stock Management System 1 Cross-Site Scripting정보

제목Codeastro Stock Management System 1 Cross-Site Scripting
설명Project Name: Stock Management System Vendor: codeastro.com Project Link: [Stock Management System]( https://codeastro.com/stock-management-system-in-php-with-source-code/) Vulnerability Type: Cross-site Scripting Affected Parameter: http://localhost/StockManagementSystem/index.php Severity: Medium Description: The Stock Management System is vulnerable to cross-site scripting attack in index.php when an attacker enters a script payload in the “Category Name”, “Category Description” of the ADD CATEGORY button at Categories module. When the user click on the categories module the alert prompt will be popping up. Exploited Parameter: - Category Name and Category Description field of the ADD CATEGORY button in the Categories module. Payloads Used: <script>alert(“category”)</script> <script>alert(“categoryd”)</script> Recommendations: 1. *Input Validation:* Implement strict input validation to prevent XSS injection. 2. *Update System:* Keep the Stock Management System, PHP, and server components up-to-date with the latest security patches. 3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities. 4. *Education:*The application developers on secure coding practices, emphasizing input validation and secure database handling. Timeline: - Discovery Date: [23/01/2024]
원천⚠️ https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing
사용자
 Mohammed Aashique (UID 62025)
제출2024. 01. 23. AM 08:31 (2 연령 ago)
모더레이션2024. 01. 26. PM 06:11 (3 days later)
상태수락
VulDB 항목252203 [CodeAstro Stock Management System 1.0 Add Category /index.php Category Name/Category Description 크로스 사이트 스크립팅]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!