| Title | Code-projects Simple Stock System v1.0 Stored XSS vulnerability |
|---|---|
| Description | A storage-type XSS vulnerability was found in the "chatuser.php" file of the "Simple Stock System" project. The root cause is that the program inserts the raw data retrieved by "$_POST" directly into the "chat_table". If an attacker sends a payload (e.g. `<img src=x onerror=alert(1)>`), the code will store it permanently in the database. When a user requests to view a chat history, "echo $msg_list" sends malicious code from the database to the browser of each user who visits the chat page. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
| Source | ⚠️ https://github.com/jjjjj-zr/jjjjjzr18/issues/2 |
| User | jjjjjzr (UID 92774) |
| Submission | 12/26/2025 07:15 (3 months ago) |
| Moderation | 12/28/2025 11:21 (2 days later) |
| Status | Duplicate |
| VulDB entry | 337598 [code-projects Simple Stock System 1.0 /market/chatuser.php cross site scripting] |
| Points | 0 |