| Название | SourceCodester Pizzafy Ecommerce System 1.0 Cross Site Scripting |
|---|
| Описание | Vulnerability Type: Cross-Site Scripting (XSS) - Stored
Affected Product: Pizzafy Ecommerce System 1.0
Download: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
Vulnerable Endpoint and Payload:
/pizzafy/admin/ajax.php?action=save_menu
Vulnerable Parameter:
------WebKitFormBoundary6Eais5IayAYnDgHB
Content-Disposition: form-data; name="name"
<script>alert(document.cookie)</script>
Description:
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the application. User-supplied input is not properly sanitized or encoded before being stored and later rendered in the browser.
An attacker can inject malicious JavaScript code into a persistent field (such as name, description, or comments). When other users access the affected page, the injected script is executed in their browser context.
This allows attackers to perform actions such as session hijacking, credential theft, or unauthorized actions on behalf of the victim..
|
|---|
| Источник | ⚠️ https://github.com/joaodrmmd/VulDB-Reports/blob/main/XSS%20-%20Menu.pdf |
|---|
| Пользователь | r3du (UID 97257) |
|---|
| Представление | 12.04.2026 18:55 (2 месяцы назад) |
|---|
| Модерация | 28.04.2026 12:26 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 359955 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_menu Имя межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|