| Field | Value |
|---|---|
| Title | projectworlds Advanced Library Management System 1 Improper Neutralization of Alternate XSS Syntax |
| Description | A stored cross-site scripting (XSS) vulnerability was identified in Advanced Library Management System V1.0. The issue occurs in the `/edit_admin.php?admin_id=1` endpoint, where the `firstname` POST parameter is stored in the database and later rendered in the application without proper escaping. An authenticated attacker can inject malicious JavaScript (e.g., `<script>alert(/XSS/)</script>`), which will execute whenever the affected page is viewed. Successful exploitation could lead to session hijacking, account takeover, CSRF, or distribution of malicious content to other users. The root cause is insufficient input validation and missing context-aware output encoding. Recommended fixes include applying `htmlspecialchars()` for output, enforcing strict input validation, implementing a Content Security Policy (CSP), and sanitizing existing stored values. |
| Source | https://github.com/ChenGuangHuangHun/CVE/issues/2 |
| User | chenguang (UID 91178) |
| Submitted | 2025-10-01 08:25 AM (7 months ago) |
| Moderated | 2025-10-07 01:44 PM (6 days later) |
| Status | Accepted |
| VulDB entry | 327360 [projectworlds Advanced Library Management System 1.0 /edit_admin.php firstname Cross Site Scripting] |
| Points | 20 |
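As an added illustration (not the project's code and not part of the report above), the following PHP contrasts the unescaped rendering of a stored `firstname` value with the context-aware encoding, input validation and CSP header the description recommends; the variable and function names are assumed:

```php
<?php
// Added example, not code from Advanced Library Management System.
// Models the /edit_admin.php firstname flow: the value accepted on POST
// and the value rendered back into the edit form. Names are hypothetical.

declare(strict_types=1);

// Constructed sample of a value that could already sit in the database.
$storedFirstname = '<script>alert(/XSS/)</script>';

// Vulnerable rendering: the stored value is concatenated straight into
// an HTML attribute, so the browser parses the payload as markup.
function renderVulnerable(string $firstname): string
{
    return '<input type="text" name="firstname" value="' . $firstname . '">';
}

// Hardened rendering: encode for the HTML attribute context.
// ENT_QUOTES escapes both " and ' so the value cannot close the attribute;
// the explicit charset avoids encoding mismatches.
function renderSafe(string $firstname): string
{
    $safe = htmlspecialchars($firstname, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="firstname" value="' . $safe . '">';
}

// Strict input validation on write (assumed policy, not the project's):
// a first name is letters, spaces, hyphens or apostrophes, up to 50 chars.
// Returns null when the value must be rejected.
function validateFirstname(string $input): ?string
{
    $trimmed = trim($input);
    if ($trimmed === '' || mb_strlen($trimmed, 'UTF-8') > 50) {
        return null;
    }
    if (!preg_match('/^\p{L}[\p{L} \'-]*$/u', $trimmed)) {
        return null;
    }
    return $trimmed;
}

// Defence in depth: a CSP that only allows same-origin scripts blocks
// inline <script> even if a stored value slips through unescaped.
function cspHeaderValue(): string
{
    return "default-src 'self'; script-src 'self'; object-src 'none'";
}

header('Content-Security-Policy: ' . cspHeaderValue());
echo renderVulnerable($storedFirstname), PHP_EOL;   // payload reaches the browser as markup
echo renderSafe($storedFirstname), PHP_EOL;         // payload rendered as inert text
var_dump(validateFirstname($storedFirstname));      // rejected on write
var_dump(validateFirstname("Mary-Ann O'Neil"));     // accepted
```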