| 제목 | Codeastro Stock Management System 1 Cross-Site Scripting |
|---|
| 설명 | Project Name: Stock Management System
Vendor: codeastro.com
Project Link: [Stock Management System]( https://codeastro.com/stock-management-system-in-php-with-source-code/)
Vulnerability Type: Cross-site Scripting
Affected Parameter: http://localhost/StockManagementSystem/index.php
Severity: Medium
Description:
The Stock Management System is vulnerable to cross-site scripting attack in index.php when an attacker enters a script payload in the “Category Name”, “Category Description” of the ADD CATEGORY button at Categories module. When the user click on the categories module the alert prompt will be popping up.
Exploited Parameter:
- Category Name and Category Description field of the ADD CATEGORY button in the Categories module.
Payloads Used:
<script>alert(“category”)</script>
<script>alert(“categoryd”)</script>
Recommendations:
1. *Input Validation:* Implement strict input validation to prevent XSS injection.
2. *Update System:* Keep the Stock Management System, PHP, and server components up-to-date with the latest security patches.
3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. *Education:*The application developers on secure coding practices, emphasizing input validation and secure database handling.
Timeline:
- Discovery Date: [23/01/2024]
|
|---|
| 원천 | ⚠️ https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing |
|---|
| 사용자 | Mohammed Aashique (UID 62025) |
|---|
| 제출 | 2024. 01. 23. AM 08:31 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 26. PM 06:11 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 252203 [CodeAstro Stock Management System 1.0 Add Category /index.php Category Name/Category Description 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|