| 제목 | Reflective XSS vulnerability in Stock Management System |
|---|
| 설명 | In processlogin PHP, in lines 18-25 of the code, the parameters entered by the front end are brought into the database for associated table query, and then the results of database execution are returned. After the 27th line of code, judge the results of database execution, and return the output results to the front end, which is shown in the interface. Payload is 1 '<script>alert (1)</script>, that is, after the statement is closed, return it to the front end, and output it on the front end, causing XSS vulnerabilities. |
|---|
| 원천 | ⚠️ https://github.com/rickxy/Stock-Management-System/issues/3 |
|---|
| 사용자 | ace. (UID 34853) |
|---|
| 제출 | 2022. 11. 21. PM 12:56 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 11. 24. AM 10:18 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 214324 [rickxy Stock Management System /pages/processlogin.php 사용자 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|