Submit #289943: sourcecodester Computer Inventory System 1.0 Stored XSS

Title: sourcecodester Computer Inventory System 1.0 Stored XSS
Description: The Computer Inventory System hosted on SourceCodester contains a stored cross-site scripting (XSS) vulnerability in its /endpoint/update-computer.php script. The script does not adequately sanitize user input for several fields, notably the model field. An attacker can embed JavaScript in the submitted data; the payload is stored and later executed in the context of a legitimate user's session whenever the web application renders the stored value. The example in the source shows an injected <img> tag whose error-event handler executes arbitrary script, such as displaying an alert box. The issue highlights the need for thorough input validation and output sanitization; without them, injected scripts can perform unauthorized actions, access sensitive information, and compromise the integrity of the web application.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20upadte-computer.php%20.md
User: nochizplz (UID 64302)
Submission: 02/28/2024 14:26
Moderation: 03/01/2024 08:16 (2 days later)
Status: Accepted
VulDB entry: 255383 [SourceCodester Computer Inventory System 1.0 update-computer.php model cross site scripting]
Points: 20
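As an added illustration (not code from the submission or from the Computer Inventory System project), the unencoded rendering pattern the advisory describes is shown beside a hardened version. The script and field names come from the advisory; the function names and the sample values are assumptions.

```php
<?php
// Added illustration, not the project's own code. update-computer.php and the
// "model" field are taken from the advisory; function names are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the stored value is echoed into HTML unencoded, so a
// value such as <img src=x onerror=alert(1)> is parsed as markup and the
// handler runs in the browser of every user who views the record.
function renderModelCellVulnerable(string $model): string
{
    return "<td>" . $model . "</td>";
}

// Fix 1: contextual output encoding at the point where the value is rendered.
// ENT_QUOTES also encodes ' and " so the value stays inert inside attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderModelCell(string $model): string
{
    return "<td>" . e($model) . "</td>";
}

// Fix 2: validate the field on input as well (defence in depth). A hardware
// model string has no reason to contain < > or quotes: reject it, do not "clean" it.
function validateModel(string $model): bool
{
    return mb_strlen($model) <= 64
        && preg_match('/^[A-Za-z0-9 .\-_\/]+$/', $model) === 1;
}

// Constructed sample values: one legitimate model name, one injection attempt.
$samples = [
    'ThinkPad T14 Gen 3',
    '<img src=x onerror=alert(1)>',
];
foreach ($samples as $s) {
    printf("input: %s\n  accepted by validation: %s\n  vulnerable render: %s\n  encoded render: %s\n",
        $s, validateModel($s) ? 'yes' : 'no', renderModelCellVulnerable($s), renderModelCell($s));
}
```

For the injected sample, the encoded render emits `&lt;img src=x onerror=alert(1)&gt;`, which the browser displays as text rather than executing.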
