| Title | code-projects.org Simple Content Management System in php 1.0 Cross Site Scripting |
|---|
| Description | A Stored XSS vulnerability exists in Simple Content Management System 1.0. The News Title field in /web/admin/welcome.php does not sanitize input before storing it in the database. The payload executes on /web/index.php for every visitor, allowing cookie theft and session hijacking. |
|---|
| Source | ⚠️ https://github.com/Xmyronn/simple-cms-stored-xss-news-title |
|---|
| User | imad alvi (UID 97088) |
|---|
| Submission | 04/05/2026 03:22 (11 days ago) |
|---|
| Moderation | 04/13/2026 10:24 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 357107 [code-projects Simple Content Management System 1.0 /web/admin/welcome.php News Title cross site scripting] |
|---|
| Points | 18 |
|---|