| 제목 | itsourcecode Online Petshop Management System 1 Stored XSS in Admin Dashboard Triggered by Customer Orders |
|---|
| 설명 | The Petshop Online Website is vulnerable to Stored Cross-Site Scripting (XSS) via the order submission form. If a visitor submits an order with a malicious payload in the name or address fields, the input is stored in the database (tblorders) and later displayed directly on the admin dashboard without sanitization or escaping. As a result, the payload executes immediately in the admin’s browser when they view the new order. This allows an attacker to execute arbitrary JavaScript in the context of the admin user, potentially stealing cookies, performing actions on behalf of the admin, or manipulating dashboard content. The vulnerability exists because user input is stored and reflected without validation or output encoding. |
|---|
| 원천 | ⚠️ https://github.com/drew-byte/Online-Pet-Shop-Management-System_AdminDashboard_Stored-XSS-PoC/blob/main/README.md |
|---|
| 사용자 | drewbyte (UID 89075) |
|---|
| 제출 | 2025. 09. 09. AM 09:39 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 17. PM 02:12 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 324661 [itsourcecode Online Petshop Management System 1.0 Admin Dashboard availableframe.php name/address 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|