| Title | Sourcecodester Daily Habit Tracker 1.0 Stored XSS |
|---|---|
| Description | The Daily Habit Tracker web application has a vulnerability in its project assignment feature that allows for stored cross-site scripting (XSS) attacks. This vulnerability, categorized as CWE-79, occurs in the /endpoint/update-tracker.php component due to inadequate input handling during webpage creation. Attackers can exploit this by inserting harmful JavaScript code into the "day" parameter when assigning projects. Users who then view these assigned project names may unknowingly activate the injected script in their browsers, potentially leading to dangerous actions like session hijacking or data theft. A Proof of Concept (POC) is presented with a sample payload and HTTP request, along with a screenshot showing the successful execution of unauthorized scripts. |
| Source | https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md |
| User | rjavenido22 (UID 64261) |
| Submission | 02/29/2024 14:26 (2 years ago) |
| Moderation | 03/01/2024 08:41 (18 hours later) |
| Status | Accepted |
| VulDB entry | 255391 [SourceCodester Daily Habit Tracker 1.0 update-tracker.php day cross site scripting] |
| Points | 20 |