| Título | code-projects Online-Blog-Admin-System-PHP-Project 1.0 Cross Site Scripting |
|---|
| Descrição | A critical stored Cross-Site Scripting (XSS) vulnerability was identified in the Online Blog Admin System (v1.0) within the pageViewMembers.php page. The vulnerability arises from unsanitized user input rendered in the member table (e.g., Full Name, Address, City, Phone), allowing payloads like <script>alert("XSS by 0xCaptainFahim")</script> to execute. Additional risks include outdated Bootstrap 3.3.4 and jQuery 1.12.4 libraries and default admin credentials.
Type: Cross-Site Scripting (XSS)
Severity: Critical (Stored XSS); Medium (Other Issues)
Affected Component: pageViewMembers.php
Affected URL: http://localhost/responsive/resblog/blogadmin/admin/pageViewMembers.php
Vulnerable Parameter: User input fields (Full Name, Address, City, Phone) |
|---|
| Fonte | ⚠️ https://gist.github.com/0xCaptainFahim/8bb9021dcea33863eaf0279aaca2671c |
|---|
| Utilizador | 0xCaptainFahim (UID 86447) |
|---|
| Submissão | 11/06/2025 22h36 (há 10 meses) |
|---|
| Moderação | 19/06/2025 12h49 (8 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 313342 [code-projects Responsive Blog 1.0/1.12.4/3.3.4 pageViewMembers.php Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|