| Title | Project Worlds Student Project Allocation System 1.0 reflected Cross-Site Scripting (XSS) at admin_login.php |
|---|
| Description | ## Vulnerability Details
The Admin Login module of the Project Allocation System developed by Project Worlds is vulnerable to reflected Cross-Site Scripting (XSS). An attacker can inject malicious scripts into the application, potentially leading to unauthorized access, data theft, or other security breaches.
## XSS Vulnerability
- **Location:** `admin/admin_login.php`
- **Vulnerable Parameter:** `msg`

`https://localhost/Project-Allocation-System/admin/admin_login.php?msg=test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E`
A full report is attached to the advisory. |
|---|
| Source | https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4 |
|---|
| User | torada (UID 61170) |
|---|
| Submission | 01/15/2024 16:49 (2 years ago) |
|---|
| Moderation | 01/19/2024 11:21 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 251549 [Project Worlds Student Project Allocation System 1.0 Admin Login admin_login.php msg cross site scripting] |
|---|
| Points | 17 |
|---|
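
The entry does not include the source of `admin_login.php`, so the following is an added example, not the project's code: it shows the reflected-`msg` pattern the description implies beside an output-encoded version, using the query string from the entry as input. The markup and the function names `render_msg_unsafe` and `render_msg_safe` are assumptions made for illustration.

```php
<?php
// Added example. Only the `msg` parameter and the query string below come
// from the entry; the HTML and the function names are hypothetical.

// Vulnerable pattern (assumed): the raw query value is concatenated into HTML,
// once inside an attribute and once inside an element body.
function render_msg_unsafe(array $query): string
{
    $msg = $query['msg'] ?? '';
    return '<input type="hidden" name="last_msg" value="' . $msg . '">'
         . '<p class="notice">' . $msg . '</p>';
}

// Hardened: encode at output time. ENT_QUOTES covers both " and ', so the
// value cannot close the attribute or open a new element.
function render_msg_safe(array $query): string
{
    $msg = $query['msg'] ?? '';
    if (!is_string($msg)) {
        // A request with msg[]=... makes PHP deliver an array; treat as empty.
        $msg = '';
    }
    $enc = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="last_msg" value="' . $enc . '">'
         . '<p class="notice">' . $enc . '</p>';
}

// Query string from the entry, decoded the same way PHP fills $_GET.
parse_str('msg=test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E', $query);

$unsafe = render_msg_unsafe($query);
$safe   = render_msg_safe($query);

// Report whether each rendering still contains a literal <script> tag.
echo 'unsafe contains <script>: ';
var_dump(strpos($unsafe, '<script>') !== false);
echo 'safe contains <script>: ';
var_dump(strpos($safe, '<script>') !== false);

// Encoded markup as the browser would receive it.
echo $safe, PHP_EOL;
```

Where `msg` only ever carries a fixed set of status texts, mapping a short code to a server-side string removes the reflected value from the response entirely; encoding at output remains the baseline control.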