| Title | sourcecodester Computer Inventory System 1.0 Stored XSS |
|---|---|
| Description | The Computer Inventory System developed by SOURCECODESTER contains a Stored Cross-Site Scripting (XSS) vulnerability in its /endpoint/add-computer.php component. The application does not sanitize the user-supplied model field when a computer is added. An attacker can submit a crafted request whose model parameter carries a script payload; the value is stored and, when the system later displays it without output encoding, the script runs in the browser of any user who views the record. The HTTP request in the referenced source shows the injection of an <img> tag with a JavaScript onerror handler that executes arbitrary JavaScript, such as displaying an alert box. The finding underlines the need for input validation and context-aware output encoding to prevent XSS in web applications. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20add-computer.php%20.md |
| User | nochizplz (UID 64302) |
| Submission | 28/02/2024 14:08 (2 years ago) |
| Moderation | 01/03/2024 08:16 (2 days later) |
| Status | Accepted |
| VulDB Entry | 255381 [SourceCodester Computer Inventory System 1.0 add-computer.php model Cross Site Scripting] |
| Points | 20 |
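As an added example (not the vendor's code, which this entry does not reproduce), the following PHP shows the bug class the description implies beside a hardened version. The endpoint name and the `model` parameter come from the entry; the function names, the in-memory row store standing in for the database table, and the sample payload are constructed for illustration. The primary fix is encoding at the output sink; the input allow-list is defense in depth, since the same stored value may be rendered in more than one place.

```php
<?php
// Added example: reconstruction of the stored-XSS pattern in a PHP add/list
// flow, not the SourceCodester source. Only "model" and the endpoint path are
// taken from the advisory; all helpers and data here are hypothetical.
declare(strict_types=1);

// Constructed payload of the kind the advisory describes: an <img> whose
// onerror handler runs attacker JavaScript when the record is rendered.
const PAYLOAD = '<img src=x onerror=alert(document.domain)>';

// Stand-in for the computers table: each row is an associative array.
$computers = [];

// --- Vulnerable pattern ----------------------------------------------------
// The model value is stored exactly as received and later echoed into the
// listing page without encoding, so any markup in it becomes part of the DOM.
function addComputerVulnerable(array &$db, array $post): void
{
    $db[] = ['model' => (string)($post['model'] ?? '')]; // no validation
}

function renderRowVulnerable(array $row): string
{
    return '<td>' . $row['model'] . '</td>'; // raw echo: the stored-XSS sink
}

// --- Hardened pattern ------------------------------------------------------
// 1. Validate on input with an allow-list: letters, digits, space and a few
//    punctuation characters, 1-100 characters. Anything else is rejected.
// 2. Encode on output: every untrusted value is HTML-escaped where it is
//    written into markup. ENT_QUOTES also escapes quotes, so the helper is
//    safe for attribute values as well as element content.
function validateModel(string $model): string
{
    $model = trim($model);
    if (!preg_match('/^[\p{L}\p{N} .\-\/()+_]{1,100}$/u', $model)) {
        throw new InvalidArgumentException('model contains forbidden characters or bad length');
    }
    return $model;
}

function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function addComputerHardened(array &$db, array $post): void
{
    $db[] = ['model' => validateModel((string)($post['model'] ?? ''))];
}

function renderRowHardened(array $row): string
{
    return '<td>' . h($row['model']) . '</td>';
}

// --- Demonstration ---------------------------------------------------------
// Simulates the POST to /endpoint/add-computer.php followed by the listing.
addComputerVulnerable($computers, ['model' => PAYLOAD]);
echo "vulnerable sink: ", renderRowVulnerable($computers[0]), "\n";

// Same stored row, rendered through the encoding helper: the tag is shown as
// text and the onerror handler never becomes part of the DOM.
echo "encoded sink:    ", renderRowHardened($computers[0]), "\n";

// With input validation in front, the payload never reaches storage at all.
try {
    addComputerHardened($computers, ['model' => PAYLOAD]);
} catch (InvalidArgumentException $e) {
    echo "rejected input:  ", $e->getMessage(), "\n";
}

// A legitimate model name passes validation and renders unchanged.
addComputerHardened($computers, ['model' => 'ThinkPad T14 Gen 3']);
echo "legitimate row:  ", renderRowHardened($computers[1]), "\n";
```

Run it with the PHP CLI (`php example.php`) to compare the two sinks on the same stored row. Note that `htmlspecialchars` is the right encoder only for HTML element and attribute contexts; a value written into a JavaScript string, a URL, or a CSS block needs the encoder for that context instead.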