| 제목 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 Reflected XSS |
|---|
| 설명 | The Online College Event Hall Reservation System has a Reflected Cross-Site Scripting (XSS) vulnerability in its `/admin/update-rooms.php` script. This vulnerability allows attackers to inject arbitrary JavaScript code through the `id` parameter, as shown in the proof of concept where an `img` tag with a JavaScript `onerror` event is used to execute an alert box. This issue highlights the necessity for proper input sanitization and encoding to prevent malicious script execution, safeguarding the application and its users from potential XSS attacks. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-rooms.php.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 03. 08. AM 05:49 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 15. PM 05:29 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 256967 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-rooms.php 아이디 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|