| Title | Cashier Queuing System v1.0 - Stored XSS |
|---|
| Description | Description: A Stored XSS in Cashier Queuing System v1.0 leads to Arbitrary JavaScript code injection in User Creation.
Vulnerable Parameters:
Name
Username
Payload:
<script>prompt(1)</script>
Steps:
1) Login into admin account
2) Now go to User list and in that click on "Add New"
3) Now create a user but in name and username put your payload
Payload: <script>prompt(1)</script>
4) Save the users and refresh the page and our payload has been executed |
|---|
| User | Hackpk (UID 33860) |
|---|
| Submission | 10/17/2022 17:07 (4 years ago) |
|---|
| Moderation | 10/18/2022 11:30 (18 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 211187 [SourceCodester Cashier Queuing System 1.0.1 User Creation cross site scripting] |
|---|
| Points | 17 |
|---|