| Title | SourceCodester Profile Registration without Reload Refresh 1.0 Cross Site Scripting |
|---|
| Description | XSS vulnerability from Sourcecodester Profile Registration without Reload/Refresh 1.0 (add.php)
The parameters: email_address, address,company_name, job_title, jobDescriptionparameter are all vulnerable to the tested XSS payload: <script>alert('xss')</script>. This string is injected to the webpage when it is loaded in the admin dashboard.
Application does not properly sanitize or validate the input, this script could be executed in the user's browser, leading to an XSS attack. |
|---|
| Source | ⚠️ https://gist.github.com/sechurity/07c5a3a15f21313ee657d05baadbee19 |
|---|
| User | sechurity (UID 75739) |
|---|
| Submission | 10/03/2024 18:18 (2 years ago) |
|---|
| Moderation | 10/10/2024 09:32 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 279949 [SourceCodester Profile Registration without Reload Refresh 1.0 add.php cross site scripting] |
|---|
| Points | 20 |
|---|