| Название | projectworlds Visitor Management System V 1.0 Cross Site Scripting |
|---|
| Описание | During the security assessment of "Visitor Management System Project in PHP MySQL", a Cross-Site Scripting (XSS) vulnerability was identified in "/Visitor Management System in PHP/myform.php".
The vulnerability arises because the system fails to properly handle user-controlled input (or DOM element data) associated with the "": when attackers submit content containing malicious JavaScript code, the system does not filter, encode, or escape the code before rendering it into the front-end HTML. When other users (including privileged users such as administrators) access the affected page or interact with the affected element, the malicious code is executed in their browsers under the context of the current domain.
This issue can be exploited with low attack costs (no complex technical barriers) and may affect a large number of users if the affected page is publicly accessible or widely used, posing a significant threat to user account security and system data confidentiality. |
|---|
| Источник | ⚠️ https://github.com/tddgns/cve/issues/2 |
|---|
| Пользователь | tddgns (UID 90187) |
|---|
| Представление | 21.09.2025 14:42 (7 месяцы назад) |
|---|
| Модерация | 26.09.2025 14:04 (5 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 326106 [Projectworlds Visitor Management System 1.0 Add Visitor Page /myform.php Имя межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|