| Title | PHPGurukul Curfew e-Pass Management System v1.0 Improper Neutralization of Alternate XSS Syntax |
|---|---|
| Description | During the security review of the "Curfew Pass Management System," a critical Stored Cross-Site Scripting (XSS) vulnerability was discovered in the "view-pass-detail.php" file. This vulnerability affects the Category Name and the Full name field. An attacker can inject a malicious payload into the input parameter during category creation/editing or pass creation/editing, which is then persisted in the database. When the view-pass-detail.php page is loaded, the application retrieves the malicious string and outputs it to the HTML without sanitization, leading to arbitrary script execution in the administrator's browser. Immediate remedial measures are required to prevent administrative session compromise. |
| Source | https://github.com/kiyoleee/CVE/issues/3 |
| User | kiyoleee (UID 91665) |
| Submission | 16.10.2025 13:52 (6 months ago) |
| Moderation | 26.10.2025 18:17 (10 days later) |
| Status | accepted |
| VulDB entry | 329984 [PHPGurukul Curfew e-Pass Management System 1.0 view-pass-detail.php Fullname/Category cross-site scripting] |
| Points | 20 |