| Title | itsourcecode Online Petshop Management System 1 Stored XSS in addcnp.php |
|---|---|
| Description | The Petshop Online Website is vulnerable to Stored Cross-Site Scripting (XSS) through the addcnp.php script. Malicious JavaScript can be injected into the name or description parameters when adding a new product. The payload is stored in the tblcnp database and later displayed unsanitized in availableframe.php. Since available.php embeds availableframe.php inside an iframe, the malicious script executes whenever a user visits the Available Products page. |
| Source | https://github.com/drew-byte/Online-Pet-Shop-Management-System-Stored-XSS-PoC/blob/main/README.md |
| User | drewbyte (UID 89075) |
| Submission | 2025-09-09 09:39 AM (9 months ago) |
| Moderation | 2025-09-17 02:12 PM (8 days later) |
| Status | Accepted |
| VulDB Entry | 324660 [itsourcecode Online Petshop Management System 1.0 Available Products Page addcnp.php name/description cross-site scripting] |
| Points | 20 |