Submit #290235: SOURCECODESTER FAQ Management System Using PHP and MySQL 1.0 Cross Site Scripting

Title: SOURCECODESTER FAQ Management System Using PHP and MySQL 1.0 Cross Site Scripting
Description: There is no input sanitization present when writing FAQs, making the web application vulnerable to XSS. Allows XSS by placing untrusted code in the parameters question and answer. Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters. Affected endpoint in question is /faq-management-system/endpoint/add-faq.php. POC and further details available on GitHub.
Source: https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20add-faq.php.md
User: reiginald (UID 64219)
Submission: 29/02/2024 01h48 (2 years ago)
Moderation: 01/03/2024 08h26 (1 day later)
Status: Accepted
VulDB Entry: 255385 [SourceCodester FAQ Management System 1.0 /endpoint/add-faq.php question/answer Cross Site Scripting]
Points: 19
