Gửi #264605: codeastro.com Web Application 1.0 Cross-Site Scripting (XSS)thông tin

tiêu đềcodeastro.com Web Application 1.0 Cross-Site Scripting (XSS)
Mô tảVulnerability Report: Introduction: This document outlines the identification and details of a Cross-Site Scripting (XSS) vulnerability discovered in the POS and Inventory Management System in PHP CodeIgniter. System Overview: Project Name: POS and Inventory Management System in PHP CodeIgniter Version/Build: Alger Makiputin Project Link: https://codeastro.com/pos-and-inventory-management-system-in-php-codeigniter-with-source-code/ Vulnerability Details: Description: Multiple instances of Cross-Site Scripting (XSS) vulnerabilities were found in the "new_item" parameter of the POS and Inventory Management System. Affected Area: New Item Creation Page Potential Impact: Allows an attacker to inject and execute arbitrary scripts on users' browsers, posing a significant XSS risk. Severity: High Mitigation Steps: Input Validation and Output Encoding: Implement robust input validation and output encoding for user inputs on the "new_item" page. Content Security Policy (CSP): Apply Content Security Policy (CSP) headers to mitigate XSS risks. Reproduction Steps: Access the URL: http://localhost/POS IMS-CI/new_item Input <img src/onerror=prompt(8)> in the relevant field. Submit the form. Observe the execution of the payload. Attachments: Reporter Information: Name: ABHISHEK K A Contact Information: [email protected] Role: Cybersecurity Researcher Project Details: Project Name: POS and Inventory Management System in PHP CodeIgniter Version/Build: Alger Makiputin Project Link: https://codeastro.com/pos-and-inventory-management-system-in-php-codeigniter-with-source-code/ Source of Project: The POS and Inventory Management System project was obtained from codeastro.com. Discovery Date: 06/01/2024 Your Commitment: Responsible Disclosure: I commit to responsible disclosure and will not publicly disclose the vulnerability until it has been addressed. Preferred Communication Method: Contact Information: [email protected] Timeline: The vulnerability was discovered on 06/01/2024.
Nguồn⚠️ https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing
Người dùng ABHISHEK K.A (UID 61005)
Đệ trình09/01/2024 07:50 (cách đây 3 những năm)
Kiểm duyệt11/01/2024 13:17 (2 days later)
Trạng tháiđược chấp nhận
Mục VulDB250441 [CodeAstro POS and Inventory Management System 1.0 New Item Creation Page /new_item Tập lệnh chéo trang]
điểm20

Do you know our Splunk app?

Download it now for free!