| Title | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS |
|---|
| Description | ## EMPLOYEE_MANAGEMENT_SYSTEM file `370project/edit.php` contains a Stored XSS vulnerability
### Impact of the vulnerability
An attacker can inject malicious JavaScript into an employee record by submitting a crafted value in the update form. When an administrator later opens the affected employee’s edit page, the payload is rendered in an HTML attribute context and can execute, potentially leading to:
- Session hijacking (stealing cookies/tokens)
- Account takeover (performing actions as the admin)
- Phishing/UI redress (injecting fake forms or modifying page content)
### Payload:
`"><sCrIpT>alert(555)</sCrIpT>`
### Sources download:
https://code-projects.org/employee-management-system-in-php-with-source-code/ |
|---|
| Source | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul4.md |
|---|
| User | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| Submission | 09.04.2026 08:49 (2 months ago) |
|---|
| Moderation | 26.04.2026 18:01 (17 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 359670 [code-projects Employee Management System 1.0 370project/edit.php ID cross site scripting] |
|---|
| Points | 0 |
|---|