Submission #593878: PHPGurukul COVID19 Testing Management System 2021 version Stored Cross-Site Scripting (XSS) - Info

Title: PHPGurukul COVID19 Testing Management System 2021 version Stored Cross-Site Scripting (XSS)
Description: A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in PHPGurukul COVID19 Testing Management System version 1.0. This vulnerability is present in the "Take Action" feature, specifically within the "remark" field on the /test-details.php page. An attacker can inject malicious script into this field, which is then permanently stored in the application's database and executed whenever a user views the affected test details, leading to an XSS alert.

Reproduction Steps:
1. Navigate to a test detail page, for example: http://localhost/covid-tms/test-details.php?tid=5&&oid=716060226
2. Locate the "Take Action" feature.
3. In the "remark" field, input an XSS payload (e.g., <script>alert('XSS');</script>).
4. Submit the form.
5. Upon subsequent viewing of this specific test detail page, the injected script will execute, triggering the alert() pop-up.

Impact: Stored XSS vulnerabilities can lead to various severe consequences, including:
- Session Hijacking: Stealing user session cookies, allowing an attacker to impersonate the victim.
- Defacement: Modifying the content of the affected web page.
- Redirection: Redirecting users to malicious websites.
- Malware Distribution: Injecting code to download and execute malware on a user's machine.
- Data Theft: Exfiltrating sensitive user data displayed on the page.
Source: http://localhost/covid-tms/test-details.php?tid=5&&oid=716060226
User: Anzil (UID 86393)
Submitted: 2025. 06. 10. PM 12:07 (10 months ago)
Moderation: 2025. 06. 19. AM 09:24 (9 days later)
Status: Accepted
VulDB entry: 313291 [PHPGurukul COVID19 Testing Management System 1.0 Take Action /test-details.php remark cross-site scripting]
Points: 20
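
The fix for the stored "remark" value described above is to encode it for the HTML context when it is written back into the page. The following is an added example, not code from the submission or from the PHPGurukul project; the function names, the row layout and the sample rows are assumptions made for illustration.

```php
<?php
// Hypothetical names throughout: nothing here is taken from the
// PHPGurukul code base. It models a page that prints stored remarks.

// Constructed sample rows standing in for remarks read back from the
// database. The second row holds the payload quoted in the submission.
$storedRemarks = [
    ['remark' => 'Sample collected', 'status' => 'Constructed status A'],
    ['remark' => "<script>alert('XSS');</script>", 'status' => 'Constructed status B'],
];

// Vulnerable pattern: the stored value is concatenated into HTML as-is,
// so any markup in the remark is parsed by the viewer's browser.
function renderRemarkUnsafe(array $row): string
{
    return '<tr><td>' . $row['remark'] . '</td><td>' . $row['status'] . '</td></tr>';
}

// Output encoding for HTML element and attribute contexts.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every database-sourced field is encoded at output time.
function renderRemarkSafe(array $row): string
{
    return '<tr><td>' . e($row['remark']) . '</td><td>' . e($row['status']) . '</td></tr>';
}

foreach ($storedRemarks as $row) {
    $safe = renderRemarkSafe($row);
    printf("unsafe: %s\nsafe:   %s\n\n", renderRemarkUnsafe($row), $safe);

    // Regression check: encoded output must not contain a raw script tag.
    if (stripos($safe, '<script') !== false) {
        throw new RuntimeException('remark was rendered without encoding');
    }
}
```

Encoding at output time also neutralises remarks that were stored before the fix, which input filtering alone would not do.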
