| Title | Medicine Tracker System Stored Cross-site Scripting Vulnerability |
|---|---|
| Description | A stored XSS vulnerability has been discovered in Medicine Tracker System in PHP. Any user can sign up and log in. After login, an attacker can use the add new medicine function at the vulnerable URI `/php-mts/app/?page=medicines/manage_medicine`. They can set Medicine name and Description to `<script>alert('2')</script>`, then press the SAVE button.<br>Then the request below will be sent and a stored XSS will be made.<br>`POST /php-mts/classes/Master.php?f=save_medicine`<br>`**************************************************`<br>`id=&name=%3Cscript%3Ealert('6')%3C%2Fscipt%3E&description=%3Cscript%3Ealert('6')%3C%2Fscipt%3E` |
| Source | https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html |
| User | WWesleywww (UID 43117) |
| Submission | 03/16/2023 13:00 (3 years ago) |
| Moderation | 03/17/2023 07:39 (19 hours later) |
| Status | Accepted |
| VulDB entry | 223292 [SourceCodester Medicine Tracker System 1.0 manage_medicine name/description cross site scripting] |
| Points | 20 |
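
The mitigation for the issue reported above, as an added example that is not taken from the Medicine Tracker System source: the form body from the report is decoded and rendered into a table row, first without and then with output encoding. The helper `e()` and the two `render_row_*` functions are hypothetical names, and the row markup is an assumption about how the medicine list is displayed.

```php
<?php
// Constructed input: the form body quoted in the report, copied verbatim.
$body = "id=&name=%3Cscript%3Ealert('6')%3C%2Fscipt%3E"
      . "&description=%3Cscript%3Ealert('6')%3C%2Fscipt%3E";

// parse_str() URL-decodes the fields, giving the raw values an
// application would receive in $_POST and store in the database.
parse_str($body, $post);

// Hypothetical helper: encode a stored value for an HTML text node or a
// quoted attribute. ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE
// replaces invalid UTF-8 sequences instead of returning an empty string.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern (hypothetical markup): stored values are interpolated
// into the page as-is, so markup in name/description becomes part of the DOM.
function render_row_unsafe(array $m): string
{
    return "<tr><td>{$m['name']}</td><td>{$m['description']}</td></tr>";
}

// Hardened pattern: store the raw value, encode at the point of output.
function render_row_safe(array $m): string
{
    return '<tr><td>' . e($m['name']) . '</td><td>' . e($m['description']) . '</td></tr>';
}

// Hypothetical check for a test suite: after encoding, no angle bracket
// from user data may survive inside the cells.
function cells_are_inert(array $m): bool
{
    $cells = e($m['name']) . e($m['description']);
    return strpbrk($cells, '<>') === false;
}

echo "unsafe: ", render_row_unsafe($post), PHP_EOL;
echo "safe:   ", render_row_safe($post), PHP_EOL;
echo "inert:  ", var_export(cells_are_inert($post), true), PHP_EOL;
```

Encoding belongs at every place the `name` and `description` values are written into HTML, since the stored data may already contain markup from earlier submissions.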