| Title | SourceCodester Computer Inventory System 1.0 Stored XSS |
|---|---|
| Description | The Computer Inventory System developed by SourceCodester is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability in its /endpoint/add-computer.php component. The application does not sanitize the user-supplied `model` field when a computer is added, and it later renders the stored value without output encoding. An attacker with access to the add-computer function can submit a crafted request whose `model` parameter contains script; because the payload is stored, it executes in the browser of every user who subsequently views the record, in that user's session context. The HTTP request in the linked source demonstrates injecting an `<img>` tag with a JavaScript `onerror` handler, which runs arbitrary JavaScript (an alert box in the proof of concept). The alert is only the proof; the same primitive can act as the viewing user against the application. The fix is context-aware output encoding of the stored value at render time (for example `htmlspecialchars` with `ENT_QUOTES` in PHP), backed by input validation on the server side. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20add-computer.php%20.md |
| User | nochizplz (UID 64302) |
| Submission | 02/28/2024 14:08 |
| Moderation | 03/01/2024 08:16 (2 days later) |
| Status | Accepted |
| VulDB entry | 255381 [SourceCodester Computer Inventory System 1.0 add-computer.php model cross site scripting] |
| Points | 20 |
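The following is an added illustration and is not code from the SourceCodester Computer Inventory System or from the report's author. It reconstructs the class of bug the entry describes: a `model` value that is stored verbatim and then interpolated into HTML without encoding, placed beside the hardened rendering a reviewer would expect. The function names, the record layout, and the sample payload are assumptions made for the example; the report's actual HTTP request is not reproduced here.

```php
<?php
// Illustrative example (editor's addition, not the project's code).
// Reconstructs the stored-XSS pattern: the "model" field is saved as-is and
// later echoed into a table cell. Function names, record layout and the
// payload below are assumptions, not taken from the vulnerable application.

declare(strict_types=1);

// Constructed sample of what an attacker might submit in the "model"
// parameter of the add-computer request.
const SAMPLE_MODEL = '<img src=x onerror=alert(document.domain)>';

/** Vulnerable pattern: the stored value is interpolated into markup as-is. */
function renderRowUnsafe(array $computer): string
{
    return "<tr><td>{$computer['model']}</td></tr>\n";
}

/** Context-aware HTML encoding for element content and quoted attributes. */
function h(string $s): string
{
    // ENT_QUOTES encodes both ' and ", so the value is also safe inside a
    // quoted attribute; ENT_SUBSTITUTE avoids returning "" on invalid UTF-8.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every untrusted field is encoded at the point of output. */
function renderRowSafe(array $computer): string
{
    return "<tr><td>" . h($computer['model']) . "</td></tr>\n";
}

/**
 * Optional server-side input check: a model string may contain letters,
 * digits, spaces and a few punctuation marks, up to 100 characters.
 * This is defence in depth only; output encoding is what stops the XSS.
 */
function isPlausibleModel(string $model): bool
{
    return strlen($model) <= 100
        && preg_match('/^[\w\s.\-\/()]+$/u', $model) === 1;
}

// Simulate the record as it would come back from the database after the
// vulnerable add-computer handler stored the payload unchanged.
$stored = ['model' => SAMPLE_MODEL];

echo "Unsafe render (script executes in the viewer's browser):\n";
echo renderRowUnsafe($stored);

echo "Safe render (markup is displayed as text):\n";
echo renderRowSafe($stored);

echo "Payload accepted by the input allow-list: ";
echo isPlausibleModel(SAMPLE_MODEL) ? "yes\n" : "no\n";
```

Run it with `php example.php`: the unsafe render emits the raw `<img>` tag, the safe render emits `&lt;img src=x onerror=...&gt;`, and the allow-list rejects the payload. Two caveats apply when porting this to a real page: `htmlspecialchars` is only sufficient inside element content or a quoted attribute (an unquoted attribute or a JavaScript string needs its own encoding), and any other free-text field rendered from the same form deserves the same output-encoding check, not just `model`.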