| Title | Multi Language Hotel Management Software v1.0 /sparkz/ajax.php POST parameter complaint_type exists stored cross-site scripting |
|---|
| Description | An issue was discovered in Multi Language Hotel Management Software v1.0.
There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /sparkz/ajax.php post parameter complaint_type.
Payload:complainant_name=1&complaint_type=<script>alert(document.cookie)</script>&complaint=2&createComplaint=
Payload will trigger when a user visits on http://localhost/sparkz/index.php?complain |
|---|
| Source | ⚠️ https://github.com/admin-passwd/bug_report/blob/main/XSS-1.md |
|---|
| User | getshell (UID 46326) |
|---|
| Submission | 05/07/2023 04:39 (3 years ago) |
|---|
| Moderation | 05/07/2023 16:43 (12 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 228172 [SourceCodester Multi Language Hotel Management Software 1.0 POST Parameter ajax.php complaint_type cross site scripting] |
|---|
| Points | 20 |
|---|