Submit #149057: Online DJ Management System v1.0 /odjms/classes/Master.php?f=save_event POST form-data parameter name=name exists stored cross-site scriptinginfo

TitleOnline DJ Management System v1.0 /odjms/classes/Master.php?f=save_event POST form-data parameter name=name exists stored cross-site scripting
DescriptionAn issue was discovered in Online DJ Management System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /odjms/classes/Master.php?f=save_event POST form-data parameter name="name". Steps to reproduce 1.Go to the admin Login 2.Click on Event List and Click on + Add New. 3.Put Payload into the name=name parameter. 4.Click on Save 5.Payload will trigger when a user visits on http://localhost/odjms/admin/?page=events
Source⚠️ https://github.com/yoyoyoyoyohane/bug_report/blob/main/XSS-1.md
User
 yohane (UID 45724)
Submission04/26/2023 13:32 (3 years ago)
Moderation04/28/2023 13:19 (2 days later)
StatusAccepted
VulDB entry227648 [SourceCodester Online DJ Management System 1.0 Master.php?f=save_event Name cross site scripting]
Points20

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!