Submit #53590: Event Registration System with QR Code - Stored XSS
| Title | Event Registration System with QR Code - Stored XSS |
|---|---|
| Description | # Exploit Title: Event Registration System with QR Code - Stored XSS # Exploit Author: Krutika Thakur # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html # Software Link: hhttps://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html # Version: v1.0 # Tested on: Windows 11, Apache Description:- A Stored XSS issue in Event Registration System with QR Code v.1.0 allows to inject Arbitrary JavaScript in Edit in "First Name"and " Last Name ". ` Payload used:- <script>confirm (document.cookie)</script> ` Parameter":- Full Name: <script>confirm (document.cookie)</script> ` Steps to reproduce:- 1. Here we go to : http://localhost/event/admin/?page=user/list 2. Now in those Parameters "First Name" and "Last Name" put your payload 3. Fill the other details and save the file 4. As we can see our xss has been triggered. |
| User | lucifoxer001 (ID 33693) |
| Submission | 26/11/2022 15:33 (1 Year ago) |
| Moderation | 30/11/2022 11:51 (4 days later) |
| Accepted | Accepterad |
| VulDB Entry | VDB-214591 |