제출 #843714: CodeAstro Complaint Management System v1.0 Stored Cross-Site Scripting (XSS)정보

제목CodeAstro Complaint Management System v1.0 Stored Cross-Site Scripting (XSS)
설명A Stored Cross-Site Scripting (XSS) vulnerability exists in the Report Management functionality of the Complaint Management System. The application fails to properly sanitize user-supplied input submitted through the Report Title field when creating reports. A low-privileged authenticated user can inject malicious JavaScript code into a report title, which is later rendered within the administrator's report management interface without output encoding. When an administrator views the report listing page, the malicious payload executes in the administrator's browser context, potentially leading to session compromise, unauthorized actions, privilege escalation, and complete administrative account takeover.
원천⚠️ https://github.com/ashikmd0507/CVE/blob/main/Stored%20XSS%20in%20Report%20Title%20Field%20Allows%20Script%20Execution%20in%20Admin%20Panel/README.md
사용자
 ashikmd7 (UID 98284)
제출2026. 05. 30. PM 12:18 (1 월 ago)
모더레이션2026. 06. 28. PM 06:05 (29 days later)
상태수락
VulDB 항목374566 [CodeAstro Complaint Management System 1.0 Report /report/addreport Report Title 크로스 사이트 스크립팅]
포인트들20

Do you know our Splunk app?

Download it now for free!