| Title | projectworlds Lawyer Management System v1.0 Cross Site Scripting |
|---|---|
| Description | During a security assessment of the Lawyer Management System, a stored cross-site scripting (XSS) vulnerability was discovered in the client booking functionality. A malicious client can inject JavaScript code into the “description” field when booking a lawyer. This code is stored in the database and later executed when the lawyer accesses the booking requests page (/lawyer_booking.php). The vulnerability stems from the lack of input sanitization and output encoding, making it possible to steal lawyer session cookies and perform actions on their behalf. |
| Source | https://github.com/eqiya17/collection-of-vulnerability/issues/2 |
| User | WangYiQi (UID 96144) |
| Submitted | 2026-03-09 03:29 PM (25 days ago) |
| Moderation | 2026-03-23 07:26 AM (14 days later) |
| Status | Accepted |
| VulDB Entry | 352494 [projectworlds Lawyer Management System 1.0 /lawyer_booking.php description cross-site scripting] |
| Points | 20 |