| Title | PHPGurukul Human Metapneumovirus (HMPV) – Testing Management System 1.0 Cross Site Scripting |
|---|---|
| Description | There is a Cross-Site Scripting (XSS) vulnerability on the `registered-user-testing.php` page. Although the front-end restricts the `regmobilenumber` input to numbers only, the back-end fails to validate, filter, or encode the output of this parameter. Attackers can construct a malicious URL by setting the `regmobilenumber` parameter to `<script>alert("xss")</script>` and adding `search=Search` to simulate a search, bypassing the front-end restriction. When users visit the URL with these malicious parameters, the page will execute the script, triggering an "xss" alert box. This high-risk vulnerability allows attackers to create sophisticated malicious scripts to steal users' session credentials and login information, redirect the page to malicious websites, or perform other malicious actions, severely threatening user privacy and system security. |
| Source | https://github.com/sorcha-l/cve/blob/main/Human%20Metapneumovirus%20(HMPV)%20%E2%80%93%20Testing%20Management%20System%20%20XSS%20in%20registered-user-testing.php.md |
| User | lxk_ (UID 81990) |
| Submission | 2025-03-06 10:56 AM (1 year ago) |
| Moderation | 2025-03-16 02:18 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 299870 [PHPGurukul Human Metapneumovirus Testing Management System 1.0 Registered Mobile Number Search registered-user-testing.php regmobilenumber cross-site scripting] |
| Points | 20 |
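
The description names two missing server-side controls: validation of `regmobilenumber` and encoding of its output. The following is an added example, not code from the PHPGurukul application, showing both controls together. The function names, the 6 to 15 digit rule and the heading markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the PHPGurukul application.

/**
 * Server-side check that mirrors the front-end "numbers only" rule.
 * Returns the digit string, or null when the input is not a plausible number.
 * The 6-15 digit range is an assumption; use the application's real rule.
 */
function validate_mobile_number($raw): ?string
{
    if (!is_string($raw)) {          // rejects arrays such as regmobilenumber[]=x
        return null;
    }
    $value = trim($raw);
    // \A and \z anchor the whole string; '$' alone would accept a trailing newline.
    return preg_match('/\A[0-9]{6,15}\z/', $value) === 1 ? $value : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a search-result heading (constructed markup) from the query parameters. */
function render_search_heading(array $query): string
{
    $mobile = validate_mobile_number($query['regmobilenumber'] ?? '');
    if ($mobile === null) {
        // Rejected input is never reflected back into the page.
        return '<p class="error">Enter a valid mobile number (digits only).</p>';
    }
    // Encode even validated data so output stays safe if the rule is relaxed later.
    return '<h4>Result against "' . html_escape($mobile) . '" keyword</h4>';
}

// Constructed sample requests: the value from the description, then a normal search.
$samples = [
    ['regmobilenumber' => '<script>alert("xss")</script>', 'search' => 'Search'],
    ['regmobilenumber' => '9876543210', 'search' => 'Search'],
];
foreach ($samples as $query) {
    echo render_search_heading($query), PHP_EOL;
}
```

Validation alone would stop this specific input, but output encoding is the control that holds for every other field the page prints, so both belong in the fix.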