| Title | code-projects Client Details System V1.0 Stored Cross-Site Scripting (XSS) |
|---|---|
| Description | The “Client Details” listing page displays persisted user-supplied data without encoding. If an attacker saves a payload such as `<script>alert(1)</script>` in any displayed field (e.g., First Name, U-Name, Email, or an uploaded filename), the payload is executed when the page is loaded. The screenshot shows a JavaScript alert firing on `admin/clientview.php`, evidencing successful stored XSS. |
| Source | ⚠️ https://github.com/hellonewbie/tutorial/issues/9 |
| User | LiuJiYing (UID 91591) |
| Submission | 10/13/2025 15:14 (6 months ago) |
| Moderation | 10/26/2025 17:17 (13 days later) |
| Status | Accepted |
| VulDB entry | 329951 [code-projects Client Details System 1.0 /admin/clientview.php cross site scripting] |
| Points | 20 |