| Field | Value |
|---|---|
| Title | PHPGurukul COVID-19 Testing Management System 2021 version Cross-Site Scripting (XSS) |
| Description | The search-report-result.php endpoint of the COVID-19 Testing Management System is vulnerable to reflected Cross-Site Scripting (XSS). User-supplied input passed through the q parameter is improperly handled and reflected into the HTML response without appropriate sanitization. This enables an attacker to inject arbitrary JavaScript code into the victim's browser.<br><br>When a user submits a search query, the application reflects the input directly into the page, making it susceptible to XSS. An attacker can craft a malicious URL and trick a victim into clicking it, resulting in the execution of JavaScript, such as cookie theft or session hijacking.<br><br>Affected Endpoint:<br>/search-report-result.php using this payload: `<img src=x onerror=alert(document.cookie)>` |
| Source | http://localhost/covid-tms/search-report-result.php |
| User | Anzil (UID 86393) |
| Submitted | 2025-06-10 09:01 AM (10 months ago) |
| Moderation | 2025-06-19 09:22 AM (9 days later) |
| Status | Accepted |
| VulDB Entry | 313289 [PHPGurukul COVID19 Testing Management System 2021 search-report-result.php q Cross-Site Scripting] |
| Points | 20 |
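The report describes the classic reflected-XSS pattern: a request parameter echoed into an HTML response without output encoding. The following is an added example written for this page, not PHPGurukul's code; it is a minimal reconstruction of that pattern next to a hardened version. The only detail taken from the report is the parameter name `q`; the function names and page markup are assumptions.

```php
<?php
// Added example (not the project's code): the reflection pattern described
// in the report beside a hardened form. Parameter name "q" is from the
// report; everything else here is an assumed, minimal stand-in.

declare(strict_types=1);

// Vulnerable pattern, kept only for comparison: the raw query string is
// concatenated straight into HTML, so any markup in $q becomes part of
// the page and is executed by the victim's browser.
function render_search_heading_vulnerable(string $q): string
{
    return '<h4>Search Result for: ' . $q . '</h4>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES escapes both quote styles (needed if the value ever lands in an
// attribute), ENT_SUBSTITUTE avoids silently returning '' on malformed
// UTF-8, and the charset is passed explicitly rather than relying on defaults.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_heading_safe(string $q): string
{
    return '<h4>Search Result for: ' . html_escape($q) . '</h4>';
}

// Constructed input for a stand-alone run: falls back to the payload quoted
// in the report when no q parameter is present in the request.
$q = (string) ($_GET['q'] ?? '<img src=x onerror=alert(document.cookie)>');

// Declare the charset the encoder was told to use, so the browser and the
// escaping routine agree on how bytes map to characters.
header('Content-Type: text/html; charset=UTF-8');

// Defence in depth: a restrictive CSP limits what injected inline script
// could do even if some other output path is missed.
header("Content-Security-Policy: default-src 'self'");

// Only the hardened renderer is used for output; the payload is shown as
// literal text instead of being parsed as an <img> element.
echo render_search_heading_safe($q), PHP_EOL;
```

Running it with `php -S localhost:8080 example.php` and requesting `/?q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E` shows the angle brackets arriving as `&lt;` and `&gt;` in the response body. The fix is context-specific: `htmlspecialchars` is correct for HTML text and attribute values, but the same `q` placed into a URL, a JavaScript string or a CSS value would need the encoder for that context instead.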