| 제목 | SourceCodester Sales and Inventory System 1.0 Cross Site Scripting |
|---|
| 설명 | A stored cross-site scripting (XSS) vulnerability exists in Sales and Inventory System 1.0. The flaw is located in the file update_details.php within the Store Settings module. The application fails to sanitize the POST parameter 'website' before storing it in the database. This allows an authenticated attacker to inject arbitrary JavaScript that executes whenever the store details are viewed. |
|---|
| 원천 | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-UpdateDetails-website.md |
|---|
| 사용자 | 563742137abc (UID 95813) |
|---|
| 제출 | 2026. 03. 25. AM 02:59 (18 날 ago) |
|---|
| 모더레이션 | 2026. 04. 08. PM 05:12 (15 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 354200 [SourceCodester Sales and Inventory System 1.0 POST Request update_details.php 웹사이트 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 0 |
|---|