| Название | code-projects Online-Blog-Admin-System-PHP-Project 1.0 Cross Site Scripting |
|---|
| Описание | A critical stored Cross-Site Scripting (XSS) vulnerability was identified in the Online Blog Admin System (v1.0) within the pageViewMembers.php page. The vulnerability arises from unsanitized user input rendered in the member table (e.g., Full Name, Address, City, Phone), allowing payloads like <script>alert("XSS by 0xCaptainFahim")</script> to execute. Additional risks include outdated Bootstrap 3.3.4 and jQuery 1.12.4 libraries and default admin credentials.
Type: Cross-Site Scripting (XSS)
Severity: Critical (Stored XSS); Medium (Other Issues)
Affected Component: pageViewMembers.php
Affected URL: http://localhost/responsive/resblog/blogadmin/admin/pageViewMembers.php
Vulnerable Parameter: User input fields (Full Name, Address, City, Phone) |
|---|
| Источник | ⚠️ https://gist.github.com/0xCaptainFahim/8bb9021dcea33863eaf0279aaca2671c |
|---|
| Пользователь | 0xCaptainFahim (UID 86447) |
|---|
| Представление | 11.06.2025 22:36 (10 месяцы назад) |
|---|
| Модерация | 19.06.2025 12:49 (8 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 313342 [code-projects Responsive Blog 1.0/1.12.4/3.3.4 pageViewMembers.php межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|