| Title | SourceCodester Best House Rental Management System 1.0 Cross Site Scripting |
|---|
| Description | At function add house type in categories.php, no validation or sanitization for input from the users, then the result of the input will be shown in "/index.php?page=manage_categories". An attacker can use this to do cross-site scripting to steal other users' sessions. This required an authenticated account. |
|---|
| User | dwgth4i (UID 74608) |
|---|
| Submission | 09/09/2024 12:20 (2 years ago) |
|---|
| Moderation | 09/11/2024 18:38 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 277217 [SourceCodester Best House Rental Management System 1.0 categories.php cross site scripting] |
|---|
| Points | 15 |
|---|