| Title | SOURCECODESTER FAQ Management System Using PHP and MySQL 1.0 Cross Site Scripting |
|---|
| Description | There is not input sanitization present when writing FAQs, making the web application vulnerable to XSS.
Allows XSS by placing untrusted code on the parameters question and answer.
Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters.
Affected endpoint in question is /faq-management-system/endpoint/add-faq.php
POC and further details available on github. |
|---|
| Source | ⚠️ https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20add-faq.php.md |
|---|
| User | reiginald (UID 64219) |
|---|
| Submission | 02/29/2024 01:48 (2 years ago) |
|---|
| Moderation | 03/01/2024 08:26 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 255385 [SourceCodester FAQ Management System 1.0 /endpoint/add-faq.php question/answer cross site scripting] |
|---|
| Points | 19 |
|---|