| Field | Value |
|---|---|
| Title | Bdtask Bhojon All-In-One Restaurant Management System Latest Stored Cross-Site Scripting |
| Description | A critical Stored Cross-Site Scripting (Persistent XSS) vulnerability exists in Bdtask's Bhojon All-In-One Restaurant Management System, specifically within the Profile Update / User Information module. The application fails to sanitize or encode user-supplied input before storing it and rendering it back on the profile page. By injecting a payload such as `<script>alert(1)</script>` into the Profile field, an attacker can store malicious JavaScript that executes every time the profile page is loaded. This results in persistent script execution across sessions and users, enabling session theft, account takeover, privilege escalation, admin compromise, phishing attacks, and malware injection. The issue affects the latest demo version available at the vendor's site. |
| Source | https://github.com/4m3rr0r/PoCVulDb/issues/12 |
| User | 4m3rr0r (UID 85795) |
| Submitted | 2026-01-16 11:24 AM (5 months ago) |
| Moderation | 2026-01-29 09:44 AM (13 days later) |
| Status | Accepted |
| VulDB Entry | 343360 [Bdtask Bhojon All-In-One Restaurant Management System up to 20260116 User Information /dashboard/home/profile fullname cross site scripting] |
| Points | 20 |