| Title | boyiddha Automated-Mess-Management-System 1.0 Stored XSS |
|---|
| Description | The presence of Stored Cross-Site Scripting (XSS) in the /member/member_edit.php endpoint of boyiddha's Automated-Mess-Management-System poses a significant security risk. Attackers can exploit this vulnerability to inject malicious scripts into the application, leading to unauthorized access, session hijacking, or phishing attacks. To replicate the attack, an authenticated user must navigate to the "Update membership" section and inject a payload into the "fullname" parameter. Upon submission, the injected script will execute whenever the page is viewed, potentially compromising user data or system integrity. Developers can mitigate this risk by implementing proper input validation and output encoding to neutralize malicious scripts. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-member-edit.php%20.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 02/26/2024 17:27 (2 years ago) |
|---|
| Moderation | 03/07/2024 17:04 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 256052 [boyiddha Automated-Mess-Management-System 1.0 /member/member_edit.php Name cross site scripting] |
|---|
| Points | 20 |
|---|