| Field | Value |
|---|---|
| Title | SourceCodester Simple To-Do List System 1.0 Cross Site Scripting |
| Description | The system contains a critical security vulnerability known as a Stored Cross-Site Scripting (XSS) vulnerability. The root cause of this vulnerability lies in the application’s failure to adequately sanitize and escape user-inputted task content. When an attacker inserts malicious JavaScript code (such as `<script>alert('XSS')</script>`) into the "Enter task..." input field within the "Add New Task" pop-up window and saves it, this malicious code is directly stored in the website’s database. Subsequently, when any user accesses the application’s main page, the system loads all task lists from the database and renders this unfiltered content directly into the webpage. The browser interprets the malicious code as legitimate script instructions, resulting in a persistent attack that poses a threat to all visitors. Attackers can exploit this vulnerability to steal users’ session cookies, manipulate page content, redirect users to malicious websites, or even perform unauthorized actions on behalf of the user. |
| Source | https://github.com/chen2496088236/CVE/issues/11 |
| User | 111ctx (UID 89466) |
| Submitted | 2025. 09. 02. AM 02:49 (9 months ago) |
| Moderation | 2025. 09. 08. PM 04:40 (7 days later) |
| Status | Accepted |
| VulDB Entry | 323087 [SourceCodester Simple To-Do List System 1.0 Add New Task /fetch_tasks.php Cross Site Scripting] |
| Points | 20 |