| Title | SourceCodester Student Study Center Desk Management System 1.0 Cross Site Scripting |
|---|
| Description | ## Details
### Related Code file:
`/sscdms/classes/Users.php?f=save`
### XSS parameter:
`firstname`
In the POST request, the "firstname" parameter is vulnerable to Cross Site Scripting.
## Payload
```
<script>print()</script>
```
## Report link: https://reports-kunull.vercel.app/CVE%20research/student-study-center-desk-management-system-xss-firstname |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| User | Anonymous User |
|---|
| Submission | 07/15/2024 11:31 (2 years ago) |
|---|
| Moderation | 07/16/2024 21:28 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 271706 [SourceCodester Student Study Center Desk Management System 1.0 HTTP POST Request Users.php?f=save firstname/middlename/lastname/username cross site scripting] |
|---|
| Points | 19 |
|---|