Submission #836393: SourceCodester Inventory System using PHP and MySQL Source Code 0 Cross Site Scripting - Info

Title: SourceCodester Inventory System using PHP and MySQL Source Code 0 Cross Site Scripting
Description:

The issue exists in the entire application, where user input is being stored and reflected back on the page. As there is no proper input validation, it was possible to add scripts and HTML tags, which get stored in the backend database and are then reflected on the screen.

The issue has been observed in the following files and pages:

- Vendor ID, Name, Mobile, GST in vendor management.
- Product ID, Product Name, HSN Code, Product Code.

The same values are reflected in all other pages, including the HTML report/PDF report generated after the invoice. Thus, the entire application has this vulnerability wherever user input is taken and is being stored in the backend database and then reflected on the front-end.

The following can be seen in the codebase to prove the values are not being escaped.

header.php

    <?php echo $_SESSION['full_name'] ?? $_SESSION['username']; ?>
    <?php echo strtoupper($_SESSION['role']); ?>

If any user-controlled text is stored in session values, it renders raw.

users.php

    <?php echo $row['full_name']; ?>
    <?php echo $row['username']; ?>
    <?php echo ucfirst($row['role']); ?>
    <?php echo $row['created_at']; ?>

User records are displayed without HTML escaping.

invoice.php

    <?php echo $sale['Customer_Name']; ?>
    <?php echo $sale['Customer_Id']; ?>
    <?php echo $customer['Customer_Mobile']; ?>
    <?php echo $customer['Customer_Address']; ?>
    <?php echo $sale['Product_Name']; ?>
    <?php echo $sale['Hsn_Code']; ?>

These fields come from database records and are echoed raw, enabling stored XSS if any customer/product/sale field contains malicious HTML/JS.

index.php

    <?php echo $lowProd['Product_Name']; ?>
    <?php echo $lowProd['Quantity']; ?>
    <?php echo $lowProd['Low_Stock_Threshold']; ?>

Data from products is rendered directly.

admin_verify.php

    <?php echo $error; ?>

Error text is output without escaping.

A simple payload --> <h1>hello1</h1> was used to validate the reflection and it proved to be working.

Reflection in purchases.php:

    </option>
    <option value="<h1>hello</h1>" data-name="<h1>hello</h1>" data-hsn="<h1>hello</h1>">
        <h1>hello</h1> (<h1>hello</h1>)
    </option>
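Every echo site listed in the report has the same root cause: a database, session or error value is written into HTML without output encoding. The following PHP is an added example written for this page, not code from the SourceCodester project; it introduces a hypothetical helper `e()` around PHP's `htmlspecialchars()` and renders the purchases.php `<option>` markup from the report twice, once raw and once escaped, using a constructed product row whose fields hold the report's own `<h1>hello</h1>` test value. It assumes PHP 8.0 or later for the `mixed` type.

```php
<?php
// Added example (not part of the SourceCodester Inventory System): output
// escaping for the stored-XSS pattern described in the report.
declare(strict_types=1);

/**
 * Hypothetical helper: escape a value for HTML text and double-quoted
 * attribute contexts. ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE
 * replaces invalid UTF-8 instead of returning an empty string.
 */
function e(mixed $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Constructed stand-in for one row of the products table. */
function sampleProduct(): array
{
    return [
        'Product_Code' => '<h1>hello</h1>',
        'Product_Name' => '<h1>hello</h1>',
        'Hsn_Code'     => '<h1>hello</h1>',
    ];
}

/** The pattern the report shows in purchases.php: values echoed raw. */
function renderOptionUnescaped(array $p): string
{
    return sprintf(
        '<option value="%s" data-name="%s" data-hsn="%s">%s (%s)</option>',
        $p['Product_Code'], $p['Product_Name'], $p['Hsn_Code'],
        $p['Product_Name'], $p['Hsn_Code']
    );
}

/** The fix: encode at the point of output, in attribute and text context alike. */
function renderOptionEscaped(array $p): string
{
    return sprintf(
        '<option value="%s" data-name="%s" data-hsn="%s">%s (%s)</option>',
        e($p['Product_Code']), e($p['Product_Name']), e($p['Hsn_Code']),
        e($p['Product_Name']), e($p['Hsn_Code'])
    );
}

$product = sampleProduct();
echo "Unescaped (browser parses the stored markup):\n";
echo renderOptionUnescaped($product), "\n\n";
echo "Escaped (browser shows the stored text literally):\n";
echo renderOptionEscaped($product), "\n";
```

In the escaped rendering `htmlspecialchars()` turns `<`, `>`, `"`, `'` and `&` into `&lt;`, `&gt;`, `&quot;`, `&#039;` and `&amp;`, so the stored `<h1>hello</h1>` is displayed as text rather than parsed as a heading, and a value containing a double quote can no longer break out of the `value=` or `data-*` attributes. Applying the same wrapper to the other sites in the report (for example `<?php echo e($row['full_name']); ?>` in users.php, `<?php echo e($error); ?>` in admin_verify.php, and the `$_SESSION` and `$sale`/`$customer` echoes) closes the reflection on every page, including the invoice and report views that reuse these fields. Escaping must be done per output context; HTML encoding is not sufficient for values inserted into inline JavaScript or URLs.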
User: Kamran Saifullah (UID 4218)
Submitted: 2026-05-24 09:04 AM (16 days ago)
Moderation: 2026-06-07 06:01 PM (14 days later)
Status: Accepted
VulDB Entry: 369140 [SourceCodester Inventory System 1.0 header.php Cross Site Scripting]
Points: 17
