| Название | https://www.sourcecodester.com/php/17847/employee-management-sys Employee Management System 1.0 Cross Site Scripting (XSS) |
|---|
| Описание | In the `employee.php` page, when adding an employee, the `Full Name` field of the `employee` does not properly filter or validate user input. An attacker can exploit this vulnerability by injecting malicious scripts, such as `<script>alert('xss')</script>`. These scripts are stored in the database and rendered/executed every time the `employee.php` page is accessed, leading to a cross-site scripting (XSS) attack.
This vulnerability is a stored XSS attack, where attackers can store malicious scripts in the database to affect other users over an extended period. This could potentially lead to session hijacking, page content tampering, or other malicious actions. This issue needs to be addressed promptly to prevent data leakage and unauthorized page modifications. |
|---|
| Источник | ⚠️ https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md |
|---|
| Пользователь | lxk_ (UID 81990) |
|---|
| Представление | 26.02.2025 09:02 (1 Год назад) |
|---|
| Модерация | 03.03.2025 19:40 (5 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 298425 [SourceCodester Employee Management System 1.0 employee.php Full Name межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|