| Título | projectworlds Visitor Management System V 1.0 Cross Site Scripting |
|---|
| Descrição | During the security assessment of "Visitor Management System Project in PHP MySQL", a Cross-Site Scripting (XSS) vulnerability was identified in "/Visitor Management System in PHP/myform.php".
The vulnerability arises because the system fails to properly handle user-controlled input (or DOM element data) associated with the "": when attackers submit content containing malicious JavaScript code, the system does not filter, encode, or escape the code before rendering it into the front-end HTML. When other users (including privileged users such as administrators) access the affected page or interact with the affected element, the malicious code is executed in their browsers under the context of the current domain.
This issue can be exploited with low attack costs (no complex technical barriers) and may affect a large number of users if the affected page is publicly accessible or widely used, posing a significant threat to user account security and system data confidentiality. |
|---|
| Fonte | ⚠️ https://github.com/tddgns/cve/issues/2 |
|---|
| Utilizador | tddgns (UID 90187) |
|---|
| Submissão | 21/09/2025 14h42 (há 7 meses) |
|---|
| Moderação | 26/09/2025 14h04 (5 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 326106 [Projectworlds Visitor Management System 1.0 Add Visitor Page /myform.php Nome Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|