| Title | codeastro ExpenseManagement-PHP 1 XSS |
|---|
| Description | An XSS vulnerability stored in ExpenseManagement-PHP has been identified,which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads.
This vulnerability is a type of stored Cross-Site Scripting (XSS), a web security loophole that permits an attacker to insert malicious JavaScript or HTML code into a reputable web application. The vulnerability specifically affects the attachment preview feature. It allows an attacker to upload a malicious HTML file containing JavaScript code.
software:
https://codeastro.com/expense-management-system-in-php-with-source-code/ |
|---|
| Source | ⚠️ https://docs.qq.com/doc/DYmhqV3piekZ5dlZi |
|---|
| User | Mooooon (UID 61604) |
|---|
| Submission | 01/29/2024 03:52 (2 years ago) |
|---|
| Moderation | 01/29/2024 15:02 (11 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 252304 [CodeAstro Expense Management System 1.0 Add Expenses Page 5-Add-Expenses.php item cross site scripting] |
|---|
| Points | 20 |
|---|