Submeter #469202: PHPGurukul Blood Bank & Donor Management System 2.4 Improper Input Validationinformação

TítuloPHPGurukul Blood Bank & Donor Management System 2.4 Improper Input Validation
DescriçãoA Cross-Site Scripting (XSS) vulnerability exists in the /bbdms/admin/update-contactinfo.php endpoint. This vulnerability is triggered when an admin updates the Address field with a specially crafted, obfuscated payload //%0D%0A%0d%0a//</stYle/</titLe/</teXt arEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(document.cookie)//>\x3e Upon successful exploitation, the injected payload is executed on the main page (/bbdms/), exposing the administrator's cookies. This can lead to session hijacking or other malicious activities.
Utilizador
 Lo1x (UID 79468)
Submissão26/12/2024 14h04 (há 1 Ano)
Moderação26/12/2024 18h22 (4 hours later)
EstadoAceite
Entrada VulDB289358 [PHPGurukul Blood Bank & Donor Management System 2.4 update-contactinfo.php Address Script de Site Cruzado]
Pontos17

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!