Submit #284939: PHPGurukul Tourism Management System 1.0 Stored Cross-Site Script (Info)

Title: PHPGurukul Tourism Management System 1.0 Stored Cross-Site Script

Description:

## Vulnerability Details

- Vulnerability Type: Stored Cross-Site Scripting
- Affected URL: http://localhost/Tourism-Management-System-PHP/tms/admin/user-bookings.php
- Exploited Parameter: http://localhost/Tourism-Management-System-PHP/tms/

**Vulnerability Description:**

Stored XSS, also known as persistent XSS, occurs when an application stores malicious data from a user in a database and later displays that data on a web page without proper validation or sanitization. In the blind form of stored XSS, the payload is not executed immediately upon injection. Instead, the malicious script remains dormant in the database until it is displayed to another user, typically an administrator or other privileged user.

In this scenario, Tourism Management System is vulnerable to a cross-site scripting attack in “user-bookings.php” when an attacker enters a script payload in the “Full Name” field of the Sign Up form. When the admin logs in, visits the ‘Manage User’ tab and clicks the “User Bookings” button to see the details, the XSS is triggered.
Source: https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link
User: VishnuDev1 (ID 63087)
Submission: 2024-02-20 15:29 (3 months ago)
Moderation: 2024-02-23 09:18 (3 days later)
Status: Accepted
VulDB Entry: 254610
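
The description attributes the issue to a stored sign-up value being written into an admin page without encoding. The sketch below is an added example, not code from the application or from the submission: the row layout, the `full_name` and `package` keys and the helper names are assumptions, and the sample rows are constructed. It renders the same stored rows once without encoding and once with `htmlspecialchars`, then checks the encoded output for stray markup.

```php
<?php
declare(strict_types=1);

// Encode a stored value for HTML element content or a quoted attribute.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak form: the stored value is concatenated into markup verbatim.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['full_name'] . '</td><td>' . $row['package'] . '</td></tr>';
}

// Corrected form: every database value is encoded at the point of output.
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['full_name']) . '</td><td>' . e($row['package']) . '</td></tr>';
}

// Defense in depth for the admin page (ignored when run from the CLI).
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Constructed sample rows standing in for what a bookings query might return
// (hypothetical column names).
$rows = [
    ['full_name' => 'Asha Rao', 'package' => 'Kerala Backwaters'],
    ['full_name' => '<script>/* constructed marker */</script>', 'package' => 'Goa Beaches'],
];

foreach ($rows as $row) {
    $unsafe = render_row_unsafe($row);
    $safe   = render_row_safe($row);

    // Any "<" that does not open or close a <tr>/<td> means stored data
    // reached the page as markup.
    $strayUnsafe = preg_match('/<(?!\/?(?:tr|td)>)/', $unsafe) === 1;
    $straySafe   = preg_match('/<(?!\/?(?:tr|td)>)/', $safe) === 1;

    printf("unsafe: %s\n  stray markup: %s\n", $unsafe, $strayUnsafe ? 'yes' : 'no');
    printf("safe:   %s\n  stray markup: %s\n\n", $safe, $straySafe ? 'yes' : 'no');
}
```

Encoding at output time covers values that were already stored before any input validation was added to the sign-up form.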
