| Title | https://www.sourcecodester.com/php/17847/employee-management-sys Employee Management System 1.0 Cross Site Scripting (XSS) |
|---|
| Description | In the `employee.php` page, when adding an employee, the `Full Name` field of the `employee` does not properly filter or validate user input. An attacker can exploit this vulnerability by injecting malicious scripts, such as `<script>alert('xss')</script>`. These scripts are stored in the database and rendered/executed every time the `employee.php` page is accessed, leading to a cross-site scripting (XSS) attack.
This vulnerability is a stored XSS attack, where attackers can store malicious scripts in the database to affect other users over an extended period. This could potentially lead to session hijacking, page content tampering, or other malicious actions. This issue needs to be addressed promptly to prevent data leakage and unauthorized page modifications. |
|---|
| Source | ⚠️ https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md |
|---|
| User | lxk_ (UID 81990) |
|---|
| Submission | 02/26/2025 09:02 (1 Year ago) |
|---|
| Moderation | 03/03/2025 19:40 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 298425 [SourceCodester Employee Management System 1.0 employee.php Full Name cross site scripting] |
|---|
| Points | 20 |
|---|