Отправить #426916: code-projects Pharmacy Management System 1.0 Cross Site ScriptingИнформация

Названиеcode-projects Pharmacy Management System 1.0 Cross Site Scripting
ОписаниеA stored XSS vulnerability has been identified in the Pharmacy Management System version 1.0, specifically within the customer update functionality. This flaw occurs because user input fields, such as the name, address, or doctor_address parameters, are not properly sanitized. An attacker can inject malicious JavaScript code, which is stored in the database and executed each time the affected page is accessed. The persistence of this XSS attack poses a high risk, as it can impact both administrators and users by enabling: Session hijacking Theft of sensitive information (e.g., login credentials) Privilege escalation Defacement or manipulation of web content This vulnerability could allow attackers to perform more dangerous actions, such as stealing authentication cookies or altering critical data without detection.
Источник⚠️ https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9
Пользователь
 c4ttr4ck (UID 75518)
Представление19.10.2024 19:16 (2 лет назад)
Модерация20.10.2024 20:49 (1 day later)
Статуспринято
Запись VulDB281024 [code-projects Pharmacy Management System 1.0 Manage Medicines Page /manage_medicine.php name/address/doctor_address/suppliers_name межсайтовый скриптинг]
Баллы20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!