| Title | code-projects Online-Blog-Admin-System-PHP-Project 1.0 Cross Site Scripting |
|---|
| Description | A critical stored Cross-Site Scripting (XSS) vulnerability was identified in the Online Blog Admin System (v1.0) within the pageViewMembers.php page. The vulnerability arises from unsanitized user input rendered in the member table (e.g., Full Name, Address, City, Phone), allowing payloads like <script>alert("XSS by 0xCaptainFahim")</script> to execute. Additional risks include outdated Bootstrap 3.3.4 and jQuery 1.12.4 libraries and default admin credentials.
Type: Cross-Site Scripting (XSS)
Severity: Critical (Stored XSS); Medium (Other Issues)
Affected Component: pageViewMembers.php
Affected URL: http://localhost/responsive/resblog/blogadmin/admin/pageViewMembers.php
Vulnerable Parameter: User input fields (Full Name, Address, City, Phone) |
|---|
| Source | ⚠️ https://gist.github.com/0xCaptainFahim/8bb9021dcea33863eaf0279aaca2671c |
|---|
| User | 0xCaptainFahim (UID 86447) |
|---|
| Submission | 06/11/2025 22:36 (10 months ago) |
|---|
| Moderation | 06/19/2025 12:49 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 313342 [code-projects Responsive Blog 1.0/1.12.4/3.3.4 pageViewMembers.php cross site scripting] |
|---|
| Points | 20 |
|---|