| Título | SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| Descrição | A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in
index.html line 105
```
<thead>
<tr>
<th scope="col">Contact ID</th>
105 <th scope="col">Name</th>
<th scope="col">Phone Number</th>
<th scope="col">Email</th>
<th scope="col">Action</th>
</tr>
</thead>
```
is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability
Step to reporduce:
1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Download and setup this project
2. navigate to URL
3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field
4. Submit and Observe the XSS
(advisory link add after CVE assignment) |
|---|
| Utilizador | guru (UID 74056) |
|---|
| Submissão | 28/08/2024 18h04 (há 2 anos) |
|---|
| Moderação | 30/08/2024 07h43 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name Script de Site Cruzado] |
|---|
| Pontos | 17 |
|---|