Submeter #589962: code-projects Traffic Offense Reporting System 1.0 Cross Site Scriptinginformação

Títulocode-projects Traffic Offense Reporting System 1.0 Cross Site Scripting
DescriçãoDuring the security review of "Traffic Offense Reporting System", I discovered a Stored Cross-Site Scripting vulnerability in the "saveuser.php" file. This vulnerability stems from insufficient user input validation of the 'user_id', 'username', 'email', 'name', 'position' parameter, allowing attackers to inject malicious front-end code. Therefore, attackers can forge input values, thereby manipulating front-end code and performing the set behaviors in the user's browser, such as stealing the user's cookies. Immediate remedial measures are needed to ensure system security and protect data integrity.
Fonte⚠️ https://github.com/tuooo/CVE/issues/1
Utilizador
 DS_Leo (UID 86084)
Submissão04/06/2025 08h44 (há 1 Ano)
Moderação04/06/2025 14h38 (6 hours later)
EstadoAceite
Entrada VulDB311141 [code-projects Traffic Offense Reporting System 1.0 saveuser.php user_id/username/email/name/position Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!