| Title | CodeAstro Real Estate Management System 1.0 Stored Cross-Site Script (XSS) |
|---|
| Description | We've discovered that the Real Estate Management System fails to validate user input in the feedback form, making it vulnerable to malicious JavaScript injection.
An attacker could insert malicious code into the feedback form, stored directly in the application's database. When the admin user accesses the feedback section, this code will be executed and pop up the admin cookie. The potential consequences are severe. The attacker could steal sensitive data, hijack admin accounts, vandalize the system, or even spread malware. |
|---|
| Source | ⚠️ https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true |
|---|
| User | Thrill_comrade (ID 62776) |
|---|
| Submission | 2024-01-30 18:58 (4 months ago) |
|---|
| Moderation | 2024-01-31 09:58 (15 hours later) |
|---|
| Status | Przyjęty |
|---|
| VulDB Entry | 252458 |
|---|