| Title | sourcecodester Computer Laboratory Management System 1.0 Execution After Redirect (EAR) and Stord XsS |
|---|
| Description | The Computer Laboratory Management System suffers from two critical vulnerabilities: Execution After Redirect (EAR) - Authorization Bypass and Stored Cross-Site Scripting (XSS). The EAR flaw allows unauthorized users to circumvent authentication controls, potentially leading to unauthorized access and data compromise. Additionally, the XSS vulnerability enables attackers to inject and execute malicious scripts, posing risks of session hijacking, data theft, and malware propagation. Remediation involves proper script termination, input validation, and output encoding to mitigate these vulnerabilities. Regular security audits and updates are essential to maintaining system integrity and safeguarding against exploitation. |
|---|
| Source | ⚠️ https://github.com/Sospiro014/zday1/blob/main/ear_stord_xss.md |
|---|
| User | SoSPiro (UID 67134) |
|---|
| Submission | 04/05/2024 12:55 (2 years ago) |
|---|
| Moderation | 04/05/2024 15:33 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 259498 [SourceCodester Computer Laboratory Management System 1.0 SystemSettings.php?f=update_settings Name cross site scripting] |
|---|
| Points | 20 |
|---|