| 제목 | projectworlds Lawyer Management System v1.0 Cross Site Scripting |
|---|
| 설명 | During a security assessment of the Lawyer Management System, a stored cross-site scripting (XSS) vulnerability was discovered in the lawyer registration functionality. The application fails to validate or sanitize the ‘first_Name’ input field during registration, and subsequently outputs this data unsanitized on the public ‘/lawyers.php’ page. An attacker can register as a lawyer with a malicious payload in the first name field. Once the account is activated (or automatically activated), any visitor – including administrators and other users – who browses the lawyer list will trigger the payload. This can lead to complete compromise of user sessions and sensitive data exposure. |
|---|
| 원천 | ⚠️ https://github.com/eqiya17/collection-of-vulnerability/issues/1 |
|---|
| 사용자 | WangYiQi (UID 96144) |
|---|
| 제출 | 2026. 03. 09. AM 09:46 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 22. PM 01:05 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 352434 [projectworlds Lawyer Management System 1.0 /lawyers.php first_Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|