| Title | SourceCodester Task Progress Tracker 1.0 Cross Site Scripting |
|---|
| Description | When updating a task, the task_name parameter is vulnerable to the tested XSS payload: <IMG """"><SCRIPT>alert("XSS")</SCRIPT>"> in update-task.php.
Application does not properly sanitize or validate the task_name input, this script could be executed in the user's browser, leading to an XSS attack. |
|---|
| Source | ⚠️ https://github.com/jadu101/CVE/blob/main/SourceCodester_Task_Progress_Tracker_Update_Task_XSS.md |
|---|
| User | jadu101 (UID 70632) |
|---|
| Submission | 08/23/2024 14:16 (2 years ago) |
|---|
| Moderation | 08/24/2024 00:26 (10 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 275720 [SourceCodester Task Progress Tracker 1.0 update-task.php task_name cross site scripting] |
|---|
| Points | 18 |
|---|