Submit #843714: CodeAstro Complaint Management System v1.0 Stored Cross-Site Scripting (XSS)info

TitleCodeAstro Complaint Management System v1.0 Stored Cross-Site Scripting (XSS)
DescriptionA Stored Cross-Site Scripting (XSS) vulnerability exists in the Report Management functionality of the Complaint Management System. The application fails to properly sanitize user-supplied input submitted through the Report Title field when creating reports. A low-privileged authenticated user can inject malicious JavaScript code into a report title, which is later rendered within the administrator's report management interface without output encoding. When an administrator views the report listing page, the malicious payload executes in the administrator's browser context, potentially leading to session compromise, unauthorized actions, privilege escalation, and complete administrative account takeover.
Source⚠️ https://github.com/ashikmd0507/CVE/blob/main/Stored%20XSS%20in%20Report%20Title%20Field%20Allows%20Script%20Execution%20in%20Admin%20Panel/README.md
User
 ashikmd7 (UID 98284)
Submission05/30/2026 12:18 (1 month ago)
Moderation06/28/2026 18:05 (29 days later)
StatusAccepted
VulDB entry374566 [CodeAstro Complaint Management System 1.0 Report /report/addreport Report Title cross site scripting]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!