Submission #289932: sourcecodester Computer Inventory System 1.0 Stored xss

Title: sourcecodester Computer Inventory System 1.0 Stored xss

Description: The Computer Inventory System developed by SOURCECODESTER is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability within its /endpoint/add-computer.php component. This vulnerability arises from the application's inadequate sanitization of user-supplied data in the model field during the computer addition process. Malicious actors can exploit this vulnerability by submitting a specially crafted request containing a malicious script in the model parameter. When this data is later displayed by the system without proper encoding, the malicious script is executed in the context of the victim's browser. The provided HTTP request example clearly demonstrates how an attacker could inject an <img> tag with a JavaScript onerror event to execute arbitrary JavaScript code, such as displaying an alert box. This vulnerability highlights the critical importance of implementing robust data validation and sanitization practices to prevent the introduction of XSS vulnerabilities in web applications.

Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20add-computer.php%20.md

User: nochizplz (UID 64302)

Submitted: 2024. 02. 28. PM 02:08 (2 years ago)

Moderation: 2024. 03. 01. AM 08:16 (2 days later)

Status: Accepted

VulDB entry: 255381 [SourceCodester Computer Inventory System 1.0 add-computer.php model cross site scripting]

Points: 20
