Отправить #800837: EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSSИнформация

НазваниеEMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS
Описание## EMPLOYEE_MANAGEMENT_SYSTEM file `370project/mark.php` contains a Stored XSS vulnerability Impact of the vulnerability An attacker can inject JavaScript into a project record by submitting a crafted value in the “Assign Mark” form. When an administrator later opens the same project marking page, the injected script is rendered into an HTML attribute context and may execute, which can lead to: - Session hijacking (stealing cookies/tokens) - Account takeover (performing actions as the admin) - Phishing/UI manipulation (modifying page content to deceive users) ### Payload: "><sCrIpT>alert(1)</ScRiPt> ### Sources download: https://code-projects.org/employee-management-system-in-php-with-source-code/
Источник⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul7.md
Пользователь
 SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200)
Представление09.04.2026 08:53 (2 месяцы назад)
Модерация26.04.2026 18:01 (17 days later)
СтатусДубликат
Запись VulDB359716 [code-projects Employee Management System 1.0 370project/mark.php межсайтовый скриптинг]
Баллы0

ПредыдущийОбзорДалее

Want to know what is going to be exploited?

We predict KEV entries!