| 제목 | code-projects Simple Food Ordering System 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | This code segment is vulnerable to stored Cross-Site Scripting (XSS) attacks because it outputs database content directly into the HTML page without proper escaping. An attacker can inject malicious JavaScript code into fields such as product name or category name. When a user visits the order page, the injected script will execute in their browser.
Theft of user cookies or session tokens, leading to account hijacking.
Execution of unauthorized actions on behalf of the user (such as placing orders or changing account details).
Display of fake content or phishing forms to trick users into revealing sensitive information.
Potential spread of malware if malicious scripts are injected. |
|---|
| 원천 | ⚠️ https://github.com/asd1238525/cve/blob/main/xss3.md |
|---|
| 사용자 | yunlin (UID 79129) |
|---|
| 제출 | 2025. 09. 17. AM 09:06 (7 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 21. PM 09:44 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 325194 [code-projects Simple Food Ordering System 1.0 /ordersimple/order.php 아이디 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|