| 제목 | SourceCodester Simple Customer Relationship Management (CRM) System 1.0 Cross Site Scripting |
|---|
| 설명 | A Stored Cross Site Scripting (XSS) vulnerability was identified in the Simple Customer Relationship Management System developed by SourceCodester.
The vulnerability exists in the Create Ticket functionality where user supplied input is not properly sanitized before being stored and rendered in the application.
An attacker can inject malicious JavaScript payloads into the ticket description field. When the ticket is later viewed in the View Ticket section, the injected script executes in the victim's browser.
This vulnerability may allow attackers to execute arbitrary JavaScript code, steal session cookies, perform actions on behalf of the victim or conduct phishing attacks. |
|---|
| 원천 | ⚠️ https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-xss-in-simple-customer-relationship-management-system-crm-php-15a904589844 |
|---|
| 사용자 | Hemant Raj Bhati (UID 95613) |
|---|
| 제출 | 2026. 03. 16. PM 12:20 (19 날 ago) |
|---|
| 모더레이션 | 2026. 04. 01. PM 03:15 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354656 [SourceCodester Simple Customer Relationship Management System 1.0 Create Ticket /create-ticket.php 설명 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|