| Title | Cashier Queuing System v1.0 - Persistent XSS in Cashier Creation |
|---|
| Description | Description: A Persistent XSS in Cashier Queuing System v1.0 allows to inject Arbitrary JavaScript in new Cashier Creation.
Parameters:
Name
Payload:
<script>alert(document.domain)</script>
Steps:
1) Login into admin account
2) Now go to "Cashiers" tab and add a new cashier
3) Now in that "Name" parameter put the payload
Payload: <script>alert(document.domain)</script>
4) Now save the file and refresh the page and our payload has been executed |
|---|
| User | Hactron777 (UID 33897) |
|---|
| Submission | 10/17/2022 17:21 (4 years ago) |
|---|
| Moderation | 10/18/2022 11:31 (18 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 211188 [SourceCodester Cashier Queuing System 1.0 Cashiers Tab Name cross site scripting] |
|---|
| Points | 17 |
|---|