| Title | projectworlds Visitor Management System V 1.0 Cross Site Scripting |
|---|---|
| Description | During the security assessment of "Visitor Management System Project in PHP MySQL", a Cross-Site Scripting (XSS) vulnerability was identified in "/Visitor Management System in PHP/myform.php". The vulnerability arises because the system fails to properly handle user-controlled input (or DOM element data) associated with the "": when attackers submit content containing malicious JavaScript code, the system does not filter, encode, or escape the code before rendering it into the front-end HTML. When other users (including privileged users such as administrators) access the affected page or interact with the affected element, the malicious code is executed in their browsers under the context of the current domain. This issue can be exploited with low attack costs (no complex technical barriers) and may affect a large number of users if the affected page is publicly accessible or widely used, posing a significant threat to user account security and system data confidentiality. |
| Source | https://github.com/tddgns/cve/issues/2 |
| User | tddgns (UID 90187) |
| Submission | 2025-09-21 02:42 PM (7 months ago) |
| Moderation | 2025-09-26 02:04 PM (5 days later) |
| Status | Accepted |
| VulDB entry | 326106 [Projectworlds Visitor Management System 1.0 Add Visitor Page /myform.php Name cross-site scripting] |
| Points | 20 |