Submission #289943: sourcecodester Computer Inventory System 1.0 Stored XSS

Info

Title: sourcecodester Computer Inventory System 1.0 Stored XSS
Description: The Computer Inventory System hosted on SOURCECODESTER demonstrates a significant security vulnerability in the form of Stored Cross-Site Scripting (XSS) within its /endpoint/update-computer.php script. This issue arises due to the system's inadequate sanitization of user inputs for various fields, notably the model field. Malicious individuals can exploit this flaw by embedding JavaScript code within the input data, which is then stored and executed within the context of a legitimate user's session when the malicious data is rendered by the web application. The example provided illustrates how an attacker can inject an <img> tag embedded with JavaScript, triggered on the event of an error, to execute arbitrary scripts, such as displaying an alert box. This vulnerability underscores the critical need for thorough input validation and sanitization practices to prevent attackers from injecting and executing malicious scripts, which could lead to unauthorized actions being performed, access to sensitive information, and compromising the integrity of the web application.
Source: ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20upadte-computer.php%20.md
User: nochizplz (UID 64302)
Submitted: 2024. 02. 28. PM 02:26 (2 years ago)
Moderation: 2024. 03. 01. AM 08:16 (2 days later)
Status: Accepted
VulDB entry: 255383 [SourceCodester Computer Inventory System 1.0 update-computer.php model cross site scripting]
Points: 20
