| Название | SourceCodester Web-based Pharmacy Product Management System 1.0 Cross Site Scripting |
|---|
| Описание | A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Web-based Pharmacy Product Management System version 1.0. The vulnerability affects the profile update functionality in edit-profile.php, specifically the "fullname" parameter.
The application does not properly sanitize or encode user-supplied input before storing it in the database. An authenticated attacker can inject malicious JavaScript into the fullname field. The payload is stored persistently and rendered within the global application layout (e.g., header or navigation area).
As a result, the injected script executes automatically on every page load across the application after profile modification. Successful exploitation allows execution of arbitrary JavaScript in the context of authenticated users, potentially leading to session hijacking, privilege escalation, and unauthorized actions. |
|---|
| Источник | ⚠️ https://gist.github.com/Denilxavier/6b21cb788f7f545179286f6c44989448 |
|---|
| Пользователь | Denil Xavier (UID 95932) |
|---|
| Представление | 26.02.2026 16:39 (2 месяцы назад) |
|---|
| Модерация | 07.03.2026 21:51 (9 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 349744 [SourceCodester Web-based Pharmacy Product Management System 1.0 edit-profile.php fullname межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|