제출 #855978: code-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntax정보

제목code-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntax
설명During a security review of "Online Job Portal System", stored Cross-Site Scripting (XSS) vulnerabilities were discovered across /News.php, /Admin/DetailJob.php, and /Admin/EditUser.php. All dynamic database output is rendered directly into HTML without htmlspecialchars() encoding. Since the system also suffers from SQL injection vulnerabilities, an attacker can inject malicious JavaScript directly into database fields via UNION-based SQL injection. When an administrator or job seeker views the affected pages, the malicious JavaScript executes in their browser context, stealing session cookies or performing actions on their behalf. Additionally, plaintext passwords are exposed in HTML form values on /Admin/EditUser.php.
원천⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/7
사용자
 dazhi (UID 87857)
제출2026. 06. 11. PM 12:59 (1 월 ago)
모더레이션2026. 07. 13. PM 11:19 (1 month later)
상태수락
VulDB 항목378168 [code-projects Online Job Portal 1.0 /Admin/DetailJob.php 크로스 사이트 스크립팅]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!