| Field | Value |
|---|---|
| Title | PHPGurukul Blood Bank & Donor Management System 2.4 Improper Input Validation |
| Description | A Cross-Site Scripting (XSS) vulnerability exists in the /bbdms/admin/update-contactinfo.php endpoint. This vulnerability is triggered when an admin updates the Address field with a specially crafted, obfuscated payload: `//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(document.cookie)//>\x3e`. Upon successful exploitation, the injected payload is executed on the main page (/bbdms/), exposing the administrator's cookies. This can lead to session hijacking or other malicious activities. |
| User | Lo1x (UID 79468) |
| Submitted | 2024-12-26 02:04 PM (1 year ago) |
| Moderation | 2024-12-26 06:22 PM (4 hours later) |
| Status | Accepted |
| VulDB Entry | 289358 [PHPGurukul Blood Bank & Donor Management System 2.4 update-contactinfo.php Address Cross Site Scripting] |
| Points | 17 |