| Title | Sourcecodester Daily Habit Tracker 1.0 Stored XSS |
|---|---|
| Description | The Daily Habit Tracker web application has a vulnerability in its project assignment feature that allows for stored cross-site scripting (XSS) attacks. This vulnerability, categorized as CWE-79, occurs in the /endpoint/update-tracker.php component due to inadequate input handling during webpage creation. Attackers can exploit this by inserting harmful JavaScript code into the "day" parameter when assigning projects. Users who then view these assigned project names may unknowingly activate the injected script in their browsers, potentially leading to dangerous actions like session hijacking or data theft. A Proof of Concept (POC) is presented with a sample payload and HTTP request, along with a screenshot showing the successful execution of unauthorized scripts. |
| Source | https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md |
| User | rjavenido22 (UID 64261) |
| Submission | 2024. 02. 29. 02:26 PM (2 years ago) |
| Moderation | 2024. 03. 01. 08:41 AM (18 hours later) |
| Status | Accepted |
| VulDB Entry | 255391 [SourceCodester Daily Habit Tracker 1.0 update-tracker.php day cross site scripting] |
| Points | 20 |