제출 #399338: SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax정보

제목SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax
설명A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in index.html line 105 ``` <thead> <tr> <th scope="col">Contact ID</th> 105 <th scope="col">Name</th> <th scope="col">Phone Number</th> <th scope="col">Email</th> <th scope="col">Action</th> </tr> </thead> ``` is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability Step to reporduce: 1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html Download and setup this project 2. navigate to URL 3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field 4. Submit and Observe the XSS (advisory link add after CVE assignment)
사용자
 guru (UID 74056)
제출2024. 08. 28. PM 06:04 (2 연령 ago)
모더레이션2024. 08. 30. AM 07:43 (2 days later)
상태수락
VulDB 항목276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name 크로스 사이트 스크립팅]
포인트들17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!