| Title | SourceCodester Daily Calories Monitoring Tool 1.0 Cross Site Scripting |
|---|
| Description | The calorie_date, calorie_name parameters are vulnerable to the tested XSS payload: <IMG """"><SCRIPT>alert("XSS")</SCRIPT>"> . The code catches a PDOException and directly echoes the error message using $e->getMessage(). If an attacker can manipulate the database interaction to cause an error that includes malicious script content, that content would be output directly to the user's browser.
|
|---|
| Source | ⚠️ https://github.com/jadu101/CVE/blob/main/SourceCodester_Daily_Calories_Monitoring_Tool_add_calorie_XSS.md |
|---|
| User | jadu101 (UID 70632) |
|---|
| Submission | 08/23/2024 14:34 (2 years ago) |
|---|
| Moderation | 08/24/2024 00:28 (10 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 275721 [SourceCodester Daily Calories Monitoring Tool 1.0 add-calorie.php calorie_date/calorie_name cross site scripting] |
|---|
| Points | 20 |
|---|