| Field | Value |
|---|---|
| Title | code-projects Easy Blog Site In PHP 1.0 Cross Site Scripting |
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in the Easy Blog Site in PHP within the post update functionality. The vulnerability occurs in the following endpoint: `/blog/posts/update.php`. The application processes user-controlled input via HTTP POST parameters when updating blog posts. The `postTitle` parameter is directly accepted from user input and stored in the backend database without proper validation or sanitization. Because the stored value is later rendered in the blog interface without applying output encoding, malicious HTML or JavaScript code can be executed in the browser of users who view the affected post. During testing, it was confirmed that injecting a malicious payload into the `postTitle` parameter results in persistent script execution. Payload used: `<details/open/ontoggle=prompt(origin)>`. Once the post is updated, the payload is saved in the database and executed whenever the post is viewed. This confirms that the vulnerability is a Stored (Persistent) Cross-Site Scripting issue. |
| Source | https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Easy%20Blog%20Site%20PHP%20postTitle%20Parameter.md |
| User | AhmadMarzook (UID 96211) |
| Submitted | 2026-03-24 01:01 PM (17 days ago) |
| Moderation | 2026-04-08 04:39 PM (15 days later) |
| Status | Accepted |
| VulDB Entry | 356244 [code-projects Easy Blog Site 1.0 /posts/update.php postTitle Cross Site Scripting] |
| Points | 20 |
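The description above pins the defect to two places: the title is stored without validation, and it is later written into the page without output encoding. The following is an added example, not code from the Easy Blog Site project or from the submitter, showing how a post-update handler can store the `postTitle` value with a bound parameter and encode it at the HTML sink when rendering. The function names, the `posts` table and its `title` column, the length limit, and the in-memory SQLite database are all assumptions made for this illustration; the sample input is the payload quoted in the submission.

```php
<?php
// Added example (not the Easy Blog Site project's own code).
// Assumed schema: posts(id INTEGER, title TEXT). Function names are illustrative.
declare(strict_types=1);

// Context-aware output encoding for HTML element content and attribute values.
// This is the fix for the reported issue: encode at the point of rendering.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Persist the title with a bound parameter. Binding prevents SQL injection;
// it does NOT make the value safe to render, so encoding still happens on output.
// The length check is an assumed, application-specific validation rule.
function update_post_title(PDO $db, int $postId, string $title): void
{
    $title = trim($title);
    if ($title === '' || mb_strlen($title) > 200) {
        throw new InvalidArgumentException('title must be 1-200 characters');
    }
    $stmt = $db->prepare('UPDATE posts SET title = :title WHERE id = :id');
    $stmt->execute([':title' => $title, ':id' => $postId]);
}

// Render the stored title. Encoding is applied here, every time the value
// reaches HTML, regardless of what was accepted at update time.
function render_post_title(string $storedTitle): string
{
    return '<h2 class="post-title">' . esc_html($storedTitle) . '</h2>';
}

// Demonstration against a constructed in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$db->exec("INSERT INTO posts (id, title) VALUES (1, 'first post')");

// Simulated POST body carrying the payload quoted in the submission.
$_POST['postTitle'] = '<details/open/ontoggle=prompt(origin)>';
update_post_title($db, 1, (string) $_POST['postTitle']);

// On view, the angle brackets are emitted as entities, so the browser shows
// the title as text and creates no <details> element and no event handler.
$row = $db->query('SELECT title FROM posts WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo render_post_title($row['title']), PHP_EOL;
```

The design choice worth noting is that the encoding lives in `render_post_title()`, at the sink, rather than in `update_post_title()`. Encoding on input would corrupt the stored value for any non-HTML consumer (an RSS feed, a JSON API, a plain-text email) and would be bypassed by any other write path that reaches the same column; encoding on output covers every stored value, including titles saved before the fix was deployed.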