| 제목 | SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in
index.html line 105
```
<thead>
<tr>
<th scope="col">Contact ID</th>
105 <th scope="col">Name</th>
<th scope="col">Phone Number</th>
<th scope="col">Email</th>
<th scope="col">Action</th>
</tr>
</thead>
```
is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability
Step to reporduce:
1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Download and setup this project
2. navigate to URL
3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field
4. Submit and Observe the XSS
(advisory link add after CVE assignment) |
|---|
| 사용자 | guru (UID 74056) |
|---|
| 제출 | 2024. 08. 28. PM 06:04 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 08. 30. AM 07:43 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|