| 제목 | code-projects Pharmacy Management System 1.0 Cross Site Scripting |
|---|
| 설명 | A stored XSS vulnerability has been identified in the Pharmacy Management System version 1.0, specifically within the customer update functionality. This flaw occurs because user input fields, such as the name, address, or doctor_address parameters, are not properly sanitized. An attacker can inject malicious JavaScript code, which is stored in the database and executed each time the affected page is accessed.
The persistence of this XSS attack poses a high risk, as it can impact both administrators and users by enabling:
Session hijacking
Theft of sensitive information (e.g., login credentials)
Privilege escalation
Defacement or manipulation of web content
This vulnerability could allow attackers to perform more dangerous actions, such as stealing authentication cookies or altering critical data without detection. |
|---|
| 원천 | ⚠️ https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9 |
|---|
| 사용자 | c4ttr4ck (UID 75518) |
|---|
| 제출 | 2024. 10. 19. PM 07:16 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 10. 20. PM 08:49 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 281024 [code-projects Pharmacy Management System 1.0 Manage Medicines Page /manage_medicine.php name/address/doctor_address/suppliers_name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|