| tiêu đề | projectworlds Advanced Library Management System 1 Improper Neutralization of Alternate XSS Syntax |
|---|
| Mô tả | A stored cross-site scripting (XSS) vulnerability was identified in Advanced Library Management System V1.0. The issue occurs in the /edit_admin.php?admin_id=1 endpoint, where the firstname POST parameter is stored in the database and later rendered in the application without proper escaping. An authenticated attacker can inject malicious JavaScript (e.g., <script>alert(/XSS/)</script>), which will execute whenever the affected page is viewed. Successful exploitation could lead to session hijacking, account takeover, CSRF, or distribution of malicious content to other users. The root cause is insufficient input validation and missing context-aware output encoding. Recommended fixes include applying htmlspecialchars() for output, enforcing strict input validation, implementing a Content Security Policy (CSP), and sanitizing existing stored values. |
|---|
| Nguồn | ⚠️ https://github.com/ChenGuangHuangHun/CVE/issues/2 |
|---|
| Người dùng | chenguang (UID 91178) |
|---|
| Đệ trình | 01/10/2025 08:25 (cách đây 7 các tháng) |
|---|
| Kiểm duyệt | 07/10/2025 13:44 (6 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 327360 [projectworlds Advanced Library Management System 1.0 /edit_admin.php firstname Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|