| 제목 | PHPGurukul Curfew e-Pass Management System using PHP and MySQL Project v1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | During the security review of the "Curfew Pass Management System," a critical Stored Cross-Site Scripting (XSS) vulnerability was discovered in the "edit-category-detail.php" file. This vulnerability affects the Category Name field. An attacker can inject a malicious payload into the catname parameter, which is then persisted in the database. When the edit-category-detail.php page is loaded, the application retrieves the malicious string and outputs it to the HTML without sanitization, leading to arbitrary script execution in the administrator's browser. Immediate remedial measures are required to prevent administrative session compromise. |
|---|
| 원천 | ⚠️ https://github.com/kiyoleee/CVE/issues/2 |
|---|
| 사용자 | kiyoleee (UID 91665) |
|---|
| 제출 | 2025. 10. 16. AM 09:59 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 26. PM 06:17 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 329983 [PHPGurukul Curfew e-Pass Management System 1.0 edit-category-detail.php catname 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|