Gửi #780417: SourceCodester Leave Application System in PHP and SQLite3 1.0 Cross Site Scriptingthông tin

tiêu đềSourceCodester Leave Application System in PHP and SQLite3 1.0 Cross Site Scripting
Mô tảA Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Leave Application System in PHP and SQLite3 developed by oretnom23. The application fails to properly sanitize user-supplied input in multiple fields such as employee name, department, and user management fields. An attacker can inject malicious JavaScript payloads which are stored in the database and executed automatically when the affected page is viewed by other users. Example payload used during testing: <img src=x onerror=alert('Spider')> Steps to reproduce: 1. Login to the application. 2. Navigate to Add Employee or Add User. 3. Insert the payload into an input field. Payload : <img src=x onerror=alert('Spider')> 4. Save the entry. 5. Navigate to the listing page. The payload is stored in the database and executed when the page This vulnerability may allow attackers to execute arbitrary JavaScript, hijack administrator sessions, or perform actions on behalf of other users.
Nguồn⚠️ https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-xss-in-php-leave-application-system-3260c881a1fa
Người dùng Hemant Raj Bhati (UID 95613)
Đệ trình15/03/2026 11:58 (cách đây 4 các tháng)
Kiểm duyệt31/03/2026 12:18 (16 days later)
Trạng tháiđược chấp nhận
Mục VulDB354345 [SourceCodester Leave Application System 1.0 User Management Tập lệnh chéo trang]
điểm20

Do you want to use VulDB in your project?

Use the official API to access entries easily!