| Title | Code-projects Simple Stock System v1.0 Stored XSS vulnerability |
|---|---|
| Description | A storage-type XSS vulnerability was found in the "chatuser.php" file of the "Simple Stock System" project. The root cause is that the program inserts the raw data retrieved by "$_POST" directly into the "chat_table". If an attacker sends a payload (e.g. "<img src=x onerror=alert(1)>"), the code will store it permanently in the database. When a user requests to view a chat history, "echo $msg_list" sends malicious code from the database to the browser of each user who visits the chat page. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
| Source | https://github.com/jjjjj-zr/jjjjjzr18/issues/2 |
| User | jjjjjzr (UID 92774) |
| Submission | 26/12/2025 07:15 (4 months ago) |
| Moderation | 28/12/2025 11:21 (2 days later) |
| Status | Duplicate |
| VulDB entry | 337598 [code-projects Simple Stock System 1.0 /market/chatuser.php Cross Site Scripting] |
| Points | 0 |