Submit #855983: code-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntaxinfo

Titlecode-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntax
DescriptionCore Components & Features News Management Module A Create News section at the top allows administrators to add new news items by entering the News content and News Date. A News List table displays all existing records, showing: Id: The unique record ID. News: The title/content of the news item. Date: The publication date. Edit / Delete: Functional links for modifying or removing records. Evidence of Vulnerability Exploitation The pop-up dialog 8080-75f64ce3245bfb8f.monkeycode-ai.online containing the value 1 indicates that an XSS (Cross-Site Scripting) attack was successfully executed. The third news item (ID 3) shows only the number 1 in the News field, which is the result of the injected script (alert(1)) running. This confirms that the application is vulnerable to Stored XSS, where malicious scripts are saved to the database and executed for all users who view the page.
Source⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/8
User
 dazhi (UID 87857)
Submission06/11/2026 13:08 (1 month ago)
Moderation07/13/2026 23:19 (1 month later)
StatusDuplicate
VulDB entry249818 [Online Job Portal 1.0 Create News Page /Admin/News.php cross site scripting]
Points0

Do you want to use VulDB in your project?

Use the official API to access entries easily!