| 제목 | code-projects Online Reviewer System In PHP 1.0 Cross Site Scripting |
|---|
| 설명 | The Online Reviewer System in PHP v1.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the btn_functions.php component. The issue occurs when the application processes the description parameter during the action=update request. User-supplied input is stored directly in the database without proper validation or output encoding. Because the stored value is later rendered in the web interface without sanitization, attackers can inject malicious HTML or JavaScript code. A crafted payload submitted through the description parameter may execute in the browser of users who view the affected question, leading to potential session hijacking or unauthorized actions within the application. |
|---|
| 원천 | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Online%20Reviewer%20System%20PHP%20description%20Parameter.md |
|---|
| 사용자 | AhmadMarzook (UID 96211) |
|---|
| 제출 | 2026. 03. 11. PM 09:03 (23 날 ago) |
|---|
| 모더레이션 | 2026. 03. 27. AM 09:54 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353859 [code-projects Online Reviewer System 까지 1.0 btn_functions.php 설명 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|