Submit #290263: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting

Title: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting
Description: There is no input sanitization present when updating flashcards, making the web application vulnerable to XSS. Allows XSS by placing untrusted code on the parameters question and answer. Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters. Affected endpoint is /flashcard-quiz/endpoint/update-flashcard.php. POC and additional information is available on GitHub.
Source: https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFlashcard%20Quiz%20App%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20update-flashcard.php.md
User: reiginald (UID 64219)
Submission: 02/29/2024 02:06 (2 years ago)
Moderation: 03/01/2024 08:28 (1 day later)
Status: Accepted
VulDB entry: 255387 [SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer cross site scripting]
Points: 19
