| tiêu đề | CampCodes Computer Laboratory Management System 1.0 Stored Cross-Site Scripting (XSS) |
|---|
| Mô tả | Vendor and Product Information:
Vendor: CampCodes
Product: Computer Laboratory Management System
Product URL: https://www.campcodes.com/projects/php/computer-laboratory-management-system/
Confidence: Confirmed
Description:
The web application has a stored cross-site scripting (XSS) vulnerability in the edit borrower info feature. An attacker can insert malicious JavaScript into the "s_lname" field, which gets displayed when updating borrower details. As a result, when other users view the affected name, the script runs in their browsers, potentially leading to session hijacking, data theft, or other malicious activities. |
|---|
| Nguồn | ⚠️ https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md |
|---|
| Người dùng | John Correche (UID 79510) |
|---|
| Đệ trình | 08/01/2025 03:46 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 08/01/2025 18:54 (15 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 290829 [CampCodes Computer Laboratory Management System 1.0 /class/edit/edit s_lname Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|