Submit #778031: code-projects Online Reviewer System In PHP 1.0 Cross Site Scriptinginfo

Titlecode-projects Online Reviewer System In PHP 1.0 Cross Site Scripting
DescriptionThe Online Reviewer System in PHP v1.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the btn_functions.php component. The issue occurs when the application processes the description parameter during the action=update request. User-supplied input is stored directly in the database without proper validation or output encoding. Because the stored value is later rendered in the web interface without sanitization, attackers can inject malicious HTML or JavaScript code. A crafted payload submitted through the description parameter may execute in the browser of users who view the affected question, leading to potential session hijacking or unauthorized actions within the application.
Source⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Online%20Reviewer%20System%20PHP%20description%20Parameter.md
User
 AhmadMarzook (UID 96211)
Submission03/11/2026 21:03 (4 months ago)
Moderation03/27/2026 09:54 (16 days later)
StatusAccepted
VulDB entry353859 [code-projects Online Reviewer System up to 1.0 btn_functions.php Description cross site scripting]
Points20

Do you need the next level of professionalism?

Upgrade your account now!