| Название | Bdtask Bhojon All-In-One Restaurant Management System Latest Stored Cross-Site Scripting |
|---|
| Описание | A critical Stored Cross-Site Scripting (Persistent XSS) vulnerability exists in Bdtask’s Bhojon All-In-One Restaurant Management System, specifically within the Profile Update / User Information module. The application fails to sanitize or encode user-supplied input before storing it and rendering it back on the profile page. By injecting a payload such as <script>alert(1)</script> into the Profile field, an attacker can store malicious JavaScript that executes every time the profile page is loaded. This results in persistent script execution across sessions and users, enabling session theft, account takeover, privilege escalation, admin compromise, phishing attacks, and malware injection. The issue affects the latest demo version available at the vendor’s site. |
|---|
| Источник | ⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/12 |
|---|
| Пользователь | 4m3rr0r (UID 85795) |
|---|
| Представление | 16.01.2026 11:24 (5 месяцы назад) |
|---|
| Модерация | 29.01.2026 09:44 (13 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 343360 [Bdtask Bhojon All-In-One Restaurant Management System до 20260116 User Information /dashboard/home/profile fullname межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|