Submit #300037: SOURCECODESTER File Manager App 1.0 Stored XSS

Title: SOURCECODESTER File Manager App 1.0 Stored XSS
Description: The File Manager App is vulnerable to Stored Cross-Site Scripting (XSS) in /endpoint/add-file.php. This vulnerability arises from not sanitizing user inputs for fileTitle and fileUploader fields, allowing attackers to inject malicious JavaScript code. As demonstrated, submitting a file with a specially crafted fileTitle or fileUploader value can execute arbitrary JavaScript code, such as displaying an alert box. This highlights the necessity for stringent input validation and sanitization to prevent stored XSS vulnerabilities, thereby safeguarding the application and its users from potential malicious exploits.
Source: ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/STORED%20XSS%20add-file.php.md
User: nochizplz (UID 64302)
Submission: 17.03.2024 12:47 (2 years ago)
Moderation: 18.03.2024 17:06 (1 day later)
Status: Duplicate
VulDB entry: 243595 [SourceCodester File Manager App 1.0 endpoint/add-file.php uploadedFileName privilege escalation]
Points: 0
