| 제목 | https://www.sourcecodester.com/php/17847/employee-management-sys Employee Management System 1.0 Cross Site Scripting (XSS) |
|---|
| 설명 | In the `employee.php` page, when adding an employee, the `Full Name` field of the `employee` does not properly filter or validate user input. An attacker can exploit this vulnerability by injecting malicious scripts, such as `<script>alert('xss')</script>`. These scripts are stored in the database and rendered/executed every time the `employee.php` page is accessed, leading to a cross-site scripting (XSS) attack.
This vulnerability is a stored XSS attack, where attackers can store malicious scripts in the database to affect other users over an extended period. This could potentially lead to session hijacking, page content tampering, or other malicious actions. This issue needs to be addressed promptly to prevent data leakage and unauthorized page modifications. |
|---|
| 원천 | ⚠️ https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md |
|---|
| 사용자 | lxk_ (UID 81990) |
|---|
| 제출 | 2025. 02. 26. AM 09:02 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 03. PM 07:40 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 298425 [SourceCodester Employee Management System 1.0 employee.php Full Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|