Submission #393338: SourceCodester Leads Manager Tool 1.0 Cross Site Scripting
| Title | SourceCodester Leads Manager Tool 1.0 Cross Site Scripting |
|---|---|
| Description | The vulnerability exists in the leads management tool where user input is not properly sanitized before being embedded into HTML and JavaScript contexts. Specifically, the phone_number parameter is susceptible to XSS due to the lack of proper output encoding. An attacker can inject malicious JavaScript code into this field, which, when viewed by other users, will be executed in their browser, potentially leading to data theft, session hijacking, or phishing attacks. |
| Source | ⚠️ https:/ |
| User | jadu101 (UID 70632) |
| Submission | 2024-08-18 04:45 AM (2 years ago) |
| Moderation | 2024-08-19 05:07 PM (2 days later) |
| Status | Accepted |
| VulDB entry | 275134 [SourceCodester Leads Manager Tool 1.0 update-leads.php phone_number cross site scripting] |
| Points | 20 |