| 제목 | SourceCodester Sales and Inventory System 1.0 Cross Site Scripting |
|---|
| 설명 | A reflected cross-site scripting (XSS) vulnerability exists in Sales and Inventory System 1.0. The vulnerability is located in the delete.php file. The application fails to sanitize the GET parameter 'id' before reflecting it in the response. An authenticated attacker can exploit this to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking. |
|---|
| 원천 | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-Delete-id.md |
|---|
| 사용자 | 563742137abc (UID 95813) |
|---|
| 제출 | 2026. 03. 25. AM 02:56 (18 날 ago) |
|---|
| 모더레이션 | 2026. 04. 08. PM 05:13 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 356246 [SourceCodester Sales and Inventory System 1.0 GET Parameter /delete.php 아이디 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|