| 제목 | SourceCodester Prison Management System 1.0 Cross Site Scripting |
|---|
| 설명 | A vulnerability has been discovered in SourceCodester Prison Management System 1.0. This issue affects the file /Employee/edit-profile.php and /Employee/profile.php, where several parameters including txtfullname, txtdob, txtaddress, txtqualification, cmddept, cmdemployeetype, and txtappointment are echoed directly into the HTML without proper sanitization or validation. This oversight allows attackers to inject arbitrary JavaScript code into the page, leading to potential cross-site scripting (XSS) attacks. |
|---|
| 원천 | ⚠️ https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss.md |
|---|
| 사용자 | yylm (UID 67976) |
|---|
| 제출 | 2024. 05. 05. AM 08:47 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 05. 05. AM 09:07 (21 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 263116 [SourceCodester Prison Management System 1.0 edit-profile.php 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|