| Title | SourceCodester Leads Manager Tool 1.0 Cross Site Scripting |
|---|---|
| Description | The vulnerability exists in the leads management tool where user input is not properly sanitized before being embedded into HTML and JavaScript contexts. Specifically, the phone_number parameter is susceptible to XSS due to the lack of proper output encoding. An attacker can inject malicious JavaScript code into this field, which, when viewed by other users, will be executed in their browser, potentially leading to data theft, session hijacking, or phishing attacks. |
| Source | https://github.com/jadu101/CVE/blob/main/SourceCodester_Lead_Manager_Tool_Update_Leads_XSS.md |
| User | jadu101 (UID 70632) |
| Submission | 08/18/2024 04:45 (2 years ago) |
| Moderation | 08/19/2024 17:07 (2 days later) |
| Status | Accepted |
| VulDB entry | 275134 [SourceCodester Leads Manager Tool 1.0 update-leads.php phone_number cross site scripting] |
| Points | 20 |